On February 15, 2021, after nearly 6.5 yrs running a business, the prolific card shop Joker?s Stash closed its doorways. Those behind the store, which have been a pillar of the cybercriminal underground for a long time, announced that they had been retiring, reminding their fellow fraudsters within their farewell message that ?probably the most truly valuable stuff in this life are free of charge.?
While card shops have already been a staple of the underground for a long time, few have managed to achieve the level of prominence that Joker?s Stash liked. The store was frequented by customers from around the world ? the site was available in English and was marketed heavily on many Russian-language forums ? and cultivated ties with well known cybercriminal feshop18 gangs such as FIN7 and Anunak (generally known as Carbanak), which supplied the shop?s inventory.
The past year had not been an easy one for the crew behind Joker?s Stash, on the other hand. In October, a member of the gang posted they had been recently hospitalized with COVID-19, and in December the shop?s blockchain DNS domains temporarily shown a law enforcement seizure notice, an incident that’s still somewhat unexplained. To leading it off, many criminals have been complaining in regards to a decline in the quality of cards supplied by Joker?s Stash in the last several months.
On January 15, 2021, Joker?s Stash announced their imminent closure on many underground channels. The website?s administrators opted to provide their clients a 30-working day notice as a way to spend any remaining balance they could have on the website. On February 15, 2021, the lights switched off and the gang went house.
In this blog, Blueliv analysts investigate the current card shop ecosystem, from dynamic shops that may grow in the vacuum still left by Joker?s Stash?s withdrawal along with other recently shuttered card shops.
FERum Shop ? sometimes generally known as FE Shop ? is an English-language card shop which has both a clear net domain and an onion domain. So that you can access information about the shop, such as for example updates and card details, one must log into the site. Creating a new account is relatively simple, though it can require contact information such as for example Jabber ID and ICQ amount to register.
According to metrics shared by the website itself, FERum Shop has information on millions of compromised cards. The website regularly advertises the point that new compromised info has been added and can be acquired for sale.
FERum Shop allows prospective consumers to browse the millions of CVVs available on the site. CVVs, often known as ?cards? on the underground, will be compromised card information generally stolen from online sources such as phishing webpages or Magecart skimming tactics.