Netcraft security man Paul Mutton says net narks have spun up a fake version of AlphaBay Market, a popular darknet venue, in a bid to steal login credentials.
AlphaBay is the brainchild of Russian carders that emerged in 2014 following the fall of drug haven Silk Road.
The HTTP site is cleverly assembled to mimic the login page for Tor and includes a CAPTCHA.
Once complete, the phishing site flexes its unique feature and redirects users to the legitimate AlphaBay Market.
Mutton says the phishers could have easily generated a partial match to the AlphaBay Market public key but not a complete replica.
“Ironically, some of the services that can be bought and sold on the AlphaBay Market include spam sending services, bank drops, account details, and other services useful to fraudsters engaged in phishing,” Mutton says.
“This attack could therefore be viewed as yet another example of fraudsters defrauding fraudsters.
“In a further show of there being no honour amongst thieves, the HTML source of the phishing site appears to have been copied from a previous lookalike site using the onion-market.co domain name.”
The fake site is dangerous for new users who enter their credentials into the phishing portal and later go on to become regular users of the site. Attackers could bide their time until users have loaded accounts with Bitcoins.
It is unlikely to trick the most financially valuable AlphaBay veteran members, who would only access the authentic hidden service site, likely using the community-recommended mix of operational security-focused technologies such as Tor and Tails. ®