Dark Web Digest – April 2025 Edition


March was no quiet month on the dark web. Criminal activity ranged from millions of stolen bank cards and malware-infected devices to drug deals and covert Bitcoin movements, and the underground was as busy as ever.

We have seen the return of a long-dead dark web marketplace, a crackdown on shady adult-content remittances, and even a chilling child exploitation ring busted overseas. Closer to home, Kerala police uncovered tech-savvy youth trading drugs online.

There is a lot more to explore in this digest.

2.3 Million Stolen Credit & Debit Cards Dumped on Dark Web

Between 2023 and 2024, data for more than 2.3 million bank cards was exposed by infostealer malware, which infected roughly 26 million Windows devices over the same period. According to Kaspersky, card data is stolen in about 1 in 14 infostealer infections. The true number of infected devices is likely much higher, because the log files stolen from a victim typically surface on the dark web months or even years after the initial infection.

Redline was the most common infostealer, accounting for 34% of infections in 2024. Another infostealer, Risepro, spread rapidly and targeted bank card details and passwords.

Risepro, which also steals cryptocurrency wallet data, is distributed mainly through software cracks, game mods and key generators. Kaspersky recommends that individuals and organisations monitor bank notifications, enable two-factor authentication and run full security scans on all their devices so that infections are caught early.

Feds Crack Down on Dark Web Cash Moves

The Enforcement Directorate (ED) is investigating Subdigi Ventures Private Limited, run by a Noida-based married couple, after uncovering a web of unauthorised foreign remittances linked to companies that stream adult content.

The searches, carried out under Section 37 of the Foreign Exchange Management Act (FEMA) and Section 132 of the Income Tax Act, covered several premises connected with the company and its directors.

The ED's investigation found that Subdigi Ventures Private Limited received substantial foreign remittances from Technius Limited, a Cyprus-based company that operates adult content websites such as Xhamster and Stripchat. The remittances were booked as payments for advertising, market research and public opinion polling, but were in fact proceeds from adult content streamed on those platforms. The Foreign

During the raids, ED officials found a professionally equipped studio set up to produce adult content. The couple recruited models through social media platforms to perform in these streams. In addition to the transactions above, the bank accounts of Subdigi Ventures and its directors were credited with illegal remittances totalling Rs 15.6 crore.

A further bank account, at an undisclosed location in the company's home country, had received around Rs 7 crore from Technius Limited. These foreign funds were then withdrawn in cash in India using international debit cards, escaping the notice of Indian authorities. The couple kept about 75% of the proceeds from the adult sites and passed only a small share to the performers. The exploitation of models and the illicit transfer of funds are central to the ongoing probe, and the ED is working with international agencies to map the full network.

Dead Dark Web Portal Reborn as Whale Moves $77.5M in Untraceable BTC

Nucleus Marketplace, a notorious darknet market that sold drugs, fake IDs and hacking services, has resurfaced after nine years of silence. The site disappeared in 2016, and it was assumed that either police had taken it down, a rival criminal had hijacked it, or its own operators had staged an exit. No official explanation has ever been given for why the funds sat untouched for so long.

According to blockchain analysts at Arkham Intelligence, wallets tied to the market have just moved $77.5 million worth of Bitcoin into three fresh wallets. Whoever controls the Nucleus Market funds is playing a long game: they still hold around $365 million in Bitcoin. Arkham's analysts and law enforcement will most likely keep a close eye on these addresses as the remaining funds move.

CA Man Gets Prison for Washing $Millions in Dark Net Drug Coin

John Khuu, 29, of San Francisco, California, was sentenced to 87 months in federal prison for laundering Bitcoin to conceal the proceeds of a dark web operation that sold MDMA. Khuu was a key participant in a conspiracy that shipped MDMA from Germany and sold it on various dark web markets.

An associate of Khuu moved the Bitcoin proceeds into third-party accounts, exchanged the Bitcoin for U.S. dollars, and ran the money through a layered laundering scheme consisting of many transactions across a large number of financial accounts. Khuu was separately charged in the Northern District of California with unlawfully importing a Schedule I controlled substance. The arrest was part of the ongoing Operation Crypt Run, a joint investigation by the Department of Justice (DOJ), the U.S. Secret Service and the U.S. Postal Inspection Service.

Federal agencies are combining several approaches to combat Bitcoin money laundering. Chainalysis, a blockchain analytics firm, estimates that 2024 saw a record amount of money laundered through cryptocurrency, up to $40 billion. A 2024 money laundering risk assessment from the U.S. Treasury found that while traditional drug traffickers still launder money through conventional channels, digital currency is becoming an increasingly popular and effective option for them.

Child Exploitation Ring Smashed in Joint US-Thai Operation

Thai law enforcement, working with the US Department of Homeland Security (DHS), seized 36 items of evidence, including hard drives holding 140,000 images and 5,000 video files, in a joint operation against the suspect. The alleged offender was detained in Chonburi province and faces multiple charges.

The man had also overstayed his visa. He sold child sexual abuse material via the dark web and provided various spyware services to online businesses.

At a press conference in Bangkok hosted by Police Major Athip Pongsiwapai and Aaron Mercelus, the US Embassy Attaché for HSI, the TCSD announced the result of the operation. Homeland Security Investigations underlined its role in safeguarding citizens and addressing national security threats. US authorities first contacted the Thai police unit in December 2024 with suspicions that several dark web sites were serving as hubs for these criminals and that the suspect was also running an unlawful spyware service. After months of inquiry, the Royal Thai Police and the US Embassy in Bangkok raided Mr. Steffen's residence on March 5th.

Stolen Bank Data from 26M Devices Sold in Underground Forums

The Kaspersky threat intelligence team found that infostealer malware and bank card theft are closely linked. Roughly 26 million devices were infected with infostealers between 2023 and 2024, and more than 2 million bank card records were exposed as a result. Infostealers do not stop at debit and credit card details: they harvest any data that may be useful to attackers, including saved passwords, cookies and cryptocurrency wallet files. All 26 million infected devices counted for 2023-2024 were Windows machines.

Cybercriminals typically dump stolen log files on the dark web months or even years after the initial infection, so compromised accounts and data from earlier years keep surfacing, and the count for any given year rises as older logs are published. Kaspersky estimates that the final figures could reach up to 25 million devices infected in 2024 and up to 22 million in 2023 once late-arriving logs are counted. These estimates are revised upward as more logs surface.

Indian Police Track 25 Dark Web Drug Suppliers

Kerala state police have traced a drug trafficking network of twenty-five people, mostly Kerala natives, who used the dark web to trade drugs. The joint operation by the cybercrime division and the technical intelligence wing set out to identify those running the network and doing business on the dark web, the part of the internet that search engines do not index and that requires special software and tools to access. Police found that the traffickers used dark web sites to reach buyers. Notably, most of those identified worked in the astronautics or IT sectors, and some came from affluent backgrounds and were highly skilled professionals.

Police have arrested several of the 25 traffickers identified through their dark web patrols. Almost all of them settled payments through ordinary banking transactions. Where suspects are located outside the state, their details have been passed to the relevant police units for further action.

Dark web sales are considered simpler than street deals because sellers and buyers never meet face to face, which makes the participants hard to identify. Sellers and buyers post about the availability of and demand for drugs, and within a short time the goods are shipped to the buyer's home. Of the 25 people involved, all but one settled payments through their bank accounts rather than by other means.

The peddlers may have imported the substances from abroad or obtained them from local networks holding stocks of banned substances. The active online sellers, however, dealt in relatively small quantities.

I'm Chester Li, a cybersecurity and cryptography specialist based in Beijing, China with over a decade of experience. I focus on securing digital infrastructures and protecting sensitive information worldwide.
