MagBo has carried out many activities related to cybercrime, including the sale of infected servers.
Just as xDedic closed in 2019 after becoming the front-page news to sell pirated RDP endpoints and more than 85,000 credentials, it seems that another service will soon receive attention. This is MagBo, the infamous online market explicitly created for cybercrime activities.
According to the latest report from the threat intelligence company KELA, MagBo can access more than 43,000 hacked servers. Some of which belong to state and local governments, government departments, financial institutions, and health institutions.
For hackers, government servers are the biggest profit. This is because they sell for $ 10,000/piece, and small business websites cost a few cents.
MagBo is a notorious online marketplace where hackers can buy and sell pirated servers. Since its establishment in 2018, it has developed rapidly.
According to the researchers, in just two years, its size has increased by more than 14 times, and is selling access to 43,000 hacked websites. This is a huge leap forward in contrast to 3000 hacked websites it featured in September 2018. It is receiving up to 400 new additions with 200 transactions every day.
One of the reasons may be the operating model. MagBo is a decentralized platform that can provide multiple threat participants with services to download their products. According to KELA data, there are currently 190 different threat actors with active lists in the market.
KELA has also determined that there are 190 different active cybercriminal lists on the market. Since 2018, MagBo has been able to earn more than $750,000 in revenue by selling pirated servers alone.
Those who have purchased MagBo credentials use it to initiate Black Hat SEO campaigns. However, some may target e-commerce sites with ransomware, intranets, and web cleanup software.
Most servers sold through MagBo can be accessed through the Web Shell, some can be accessed remotely through infected CMS and FTP credentials, and some servers can be accessed through the dashboard.
image: KELA is Magbo