We routinely monitor the dark web for threats and suspicious activities. Joker Stash is a Dark Web store that sells compromised bank credit cards.
On the 28th (US Time) of October the Joker Stash dark web store announced its new release of cards for sale through their news bulletin.
Something more suspicious than the ordinary dubious?
All seems working normally on the data by analyzing which banks were affected on the newly released cards. The cards are unique compared to other dark web stores selling financial data. However, while working on it there was something unusual as the volume of DUMPs for sale particularly for banks located in India was very large. We noticed that it has been labeled as “INDIA-MIX-NEW-01” which was previously selectable, viewable and purchasable.
There were a total of 1.3 million card payment details afloat for sale in Joker Stash where most targeted Indian banks which was confirm by analyzing the scraped data. The card payment details are alarming because it included TRACK 1 and TRACK 2 data that can be fraudulently abused by a carding criminal to produce physical cloned cards.
Why is it so critical?
Most of the time the cards for sale on the dark web are only good for online transactions, containing just the card number and CVV. This time the 1.3 million cards put up for sale are called DUMPs, which means the cards have an available Track 1 and/or Track 2 details that can be used for cloning the details to a blank card with magnetic stripes.
Tracks on the cards are the information a carder needs to imprint on a blank magnetic stripe in order to render it usable. These cloned cards can be used for physical in-store purchase on POS that accepts card payments usually with a brand of VISA/Mastercard.
If it is for sale, then how much?
Unique DUMPs are priced around 50 USD up to 250 USD. The payment method and currency allowed to purchase through the store are Bitcoin, Litecoin and Dash coin.
What is the latest update?
Just like how a lightning strike where it normally caught the attention of the people particularly the media and security researchers, the duration of its availability was short-lived. After 1 day of being available on the Joker Stash, it vanished into thin air like it never existed.
What are the indicators of the withdrawal?
Normally, regardless of whether the cards were sold out or not in 24 hours the store’s selector of base through their filtering system should still be visible. However, in this case, the base “INDIA-MIX-NEW-01” just vanished as if it never existed to begin with. The good thing is before the Indian base happened to vanish, we had already extracted the details for sale and alerted the affected clients to bolster the security of the affected cards against fraudulent activities and take up necessary countermeasures.
Was it sold off or withdrawn by Joker Stash Dark Web?
There was no official statement from the store admin itself of Joker Stash. Normally, Joker Stash will also try to sell off or display these data in trenches rather than in one big dump. What happened lately is unusual which leads us to think that it was unintended because it was also unannounced on the Joker Stash Bulletin. Therefore, we conclude that the cards will be back soon in trenches or in different base names to render itself invisible or hard to notice from security researches and the media.