On February 15, 2021, after nearly 6.5 yrs running a business, the prolific card shop Joker?s Stash closed its doors. Those behind the store, which had been a pillar of the cybercriminal underground for years, announced that they have been retiring, reminding their fellow fraudsters within their farewell message that ?the most truly valuable factors in this life are no cost.?
While card shops have already been a staple of the underground for years, few have were able to achieve the amount of prominence that Joker?s Stash enjoyed. The go shopping was frequented by customers from around the globe ? the site was available in English and was marketed heavily on many Russian-language discussion boards ? and cultivated ties with famous cybercriminal gangs such as for example FIN7 and Anunak (also referred to as Carbanak), which supplied the go shopping?s inventory.
The past year had not been an easy one for the crew behind Joker?s Stash, on the other hand. In October, an associate of the gang posted that they had recently been hospitalized with COVID-19, and in December the shop?s blockchain DNS domains temporarily displayed a police seizure notice, an incident that is still somewhat unexplained. To leading it off, many criminals have been complaining in regards to a decline in the grade of cards given by Joker?s Stash in the last several months.
On January 15, 2021, Joker?s Stash announced their imminent closure on many underground channels. The site?s administrators opted to provide their clients a 30-working day notice in order to spend any remaining balance they could have on the website. On February 15, 2021, the lights switched off and the gang went residence.
In this blog, Blueliv analysts investigate the existing card shop ecosystem, from dynamic shops which could grow in the vacuum left by Joker?s Stash?s withdrawal along with other recently shuttered card shops.
FERum Shop ? sometimes generally known as FE Shop ? can be an English-language card shop which has both a feshop clear net domain and an onion domain. To be able to access information about the shop, such as for example updates and card data, one needs to log into the site. Creating a new account is relatively simple, though it can require contact information such as Jabber ID and ICQ variety to register.
In accordance with metrics shared by the website itself, FERum Shop has information on millions of compromised cards. The site regularly advertises the fact that new compromised information has been added and is available for sale.
FERum Shop allows prospective consumers to browse the millions of CVVs available on the site. CVVs, generally known as ?cards? on the underground, are compromised card information typically stolen from online sources such as phishing webpages or Magecart skimming tactics.