Cybercriminal forum staff defrauds its customers


Two administrators of a cybercriminal forum took advantage of their position for personal gain at the expense of other crooks, cybersecurity company Digital Shadows reported.

A tip-off led Digital Shadows researchers to a thread on the XSS forum. Among other entries, there were direct messages between Altenen (an English-language forum) and several users. Altenen processes payments via escrow, an arrangement in which transactions only go through once a specific condition has been met.


The scam began with one of the crooks – the forum moderator – sending out direct messages with a Bitcoin address, asking users to reply to learn the next step in the escrow process.

In one case, a user purchased a laptop from another and messaged the moderator asking for an address to send a $600 payment for holding. After sending the money, the user asked for confirmation but received a demand from a moderator for an additional escrow fee of $120 instead. Saying they didn’t have that much money, the user negotiated for a smaller $80 escrow fee.

Shortly afterward, the user wanted to recall the deal and asked for a refund. However, the moderator ignored the plea.

“Several more conversations took place that followed a similar pattern, involving either the moderator or admin ignoring or ceasing to reply to a user once payment had been taken. Western Union (WU) transfers were used in place of Bitcoin in some cases. In one conversation, the admin even admitted to a user that the moderator conned him and tried to downplay the whole event,” Digital Shadows explained.

According to researchers, some users were not targeted because they met specific criteria: for example, they were Muslims or high-profile forum members.


In another case, a user sought “verified seller” status to sell point-of-sale (POS) RAM-scraping malware on the forum. The admin said the privilege cost $500 and suggested that the user develop a Bitcoin stealer and deploy it onto the forum.

“From these leaked conversations, it is clear that at least two staff members (one of which being an administrator) are prepared to steal from their own forum’s user base. Whether it be through a bogus escrow scheme, or even through cryptocurrency stealing malware,” Digital Shadows noted.
