An underground web shop is reportedly selling backdoor access to over 43,000 compromised websites and servers.
The infamous MagBo platform is known to offer nearly 150,000 different vulnerable websites, with over 200 transactions per day and 200 to 400 new additions to the platform per day. According to KELA, “190 different threat actors currently have active listings on the market”.
The compromised websites listed on the platform include government offices and ministries that sell for $10,000 each, while small business websites are available for pennies. According to estimates, MagBo may have had more than $750,000 in revenue from selling hacked servers since 201
Underground marketplace
The actors who buy credentials from this platform mainly use them to run black hat SEO campaigns, although some are used to target ransomware-based ecommerce stores, web cleaning stores, and intranets. Many of the servers sold on MagBo are accessed mainly through web shells, and some offer remote access through compromised FTP and CMS credentials.
Servers that can be accessed via SSH-compromised hosting panels and SQL access are also sold in small numbers.
According to the report, most websites listed on MagBo run an outdated version of WordPress or use plugins that have not been updated, making them easy prey for intruders.
MagBo, which started in 2018, is one of the many underground marketplaces that operate in broad daylight. However, registration on the platform requires a recommendation from an existing member, and only registered users can carry out transactions.
Like MagBo, xDedic was another website notorious for selling access to hacked RDP endpoints; it would soon have 85,000 credentials before it was closed by the authorities in 2019.