August 10, 2021

Cybercriminals are fuelling a new criminal carding marketplace by posting one million credit cards stolen between 2018 and 2019 on hacking forums.

Carding refers to the trade and use of stolen credit cards by point-of-sale malware, magecart attacks on websites and the theft of information by trojans.

These stolen credit cards are then sold on criminal carding marketplaces where other actors buy them to make online purchases or, more often, to buy hard-to-trace prepaid gift cards.

A week ago, a new criminal carding marketplace called AllWorld Cards posted to various hacker forums, where one million credit cards were leaked for free.

A threat said that a random sample of 98 cards showed that about 27% of the cards were still in use. However, a report by the Italian security firm D3Labs found that 50% are still valid, a far more significant percentage than originally stated.

While cybersecurity firm Cyble has analyzed only 400,000 cards so far, the top five associated banks are:

• STATE BANK OF INDIA (44,654 cards)
• JPMORGAN CHASE BANK N.A. (27,440 cards)
• BBVA BANCOMER S.A. (21,624 cards)
• THE TORONTO-DOMINION BANK (14,647 cards)
• POSTE ITALIANE S.P.A. (BANCO POSTA) (14,066 cards)

Cyble imported the data into its AmIBreached service to check if its own credit card details had been stolen.

The AllWorld Cards site is still fresh in the carding scene, and the promotion has been met with appreciation by many threat actors who downloaded the stolen card data.

It began in May 2021 and has a stock of 2,634,615 credit cards. The nation with the most cards is the U.S., with 1,167,616 cards for purchase.

Cards cost between $0.30 and $14.40, with 73% of the cards costing between $3.00 and $5.00.

For more information, read the original story in BleepingComputer.