A new dark web marketplace identified as Styx is gaining popularity among cybercriminals for providing access to a wide range of illegal services such as DDoS attacks, banking trojans, stolen IDs, and 2FA/MFA bypass solutions.
Styx is emerging as a popular new darknet market with a variety of service offerings such as financial fraud, money laundering, and identity theft, security experts at Resecurity revealed. It provides a wide range of products and services, including cash-out services, data dumps, DDoS, 2FA bypass, fake and stolen ID documents, email and telephone flooding, identity lookup, and banking malware.
Origin and offerings of Styx
The marketplace opened officially on January 19; however, Resecurity researchers have found mentions of Styx’s launch on the darknet in early 2022.
- The platform uses a built-in escrow system to broker transactions between buyers and sellers.
- The marketplace provides private access to frequently used tools for online banking theft and fraud such as anti-detects, device fingerprint emulators, and spoofers.
- It offers user-spoofing, identity-spoofing, and anti-fraud bypass tools for PCs (Vektor T13 and Antidetect 4 Patreon) and mobile devices.
- The platform supports payments with multiple cryptocurrencies such as Bitcoin, Ethereum, or Tether.
When a buyer is interested
A new user registers on the platform and gains access to a vast selection of services on the marketplace to browse through.
- It features a dedicated Trusted Sellers section, where the founders presumably list vetted reliable vendors to increase trust in the platform.
- It uses Telegram channels where various automated bots interact with buyers and provide samples of the products offered for sale to add reliability and trust.
- If the user shows interest in buying any service, they are instructed to first fund their Styx wallet with a specified amount in cryptocurrency.
Compromised data for sale
Styx offers a list of vendors selling compromised credit cards, cryptocurrency, e-commerce account credentials, online banking accounts, ID-related data, and payment data.
- The marketplace shows Fraud Store and Bearss as reputed vendors for data theft. These vendors feature stolen data for victims in the U.S., Canada, the Netherlands, the U.K., and other countries.
- The popular intrusion vectors used include business loan data, phishing attacks targeting CPAs, social engineering, and other scams.
Additional vendors and services
Some vendors, such as Kraken, offer lookup services and the NZI Lookup facility, with victim reconnaissance tools and possible discounts for bulk orders.
- Vendors such as Podorozhnik and AnyDocs offer fake IDs and document forgery, while HubExpert and Flood Studio provide telephone and email flood services.
- The most popular service is the cash-out service, provided by vendors such as Verta, Chponk Family, ZelleCash, Slava044 (aka egg_nfc), Parlamenter VCC, and Wonderland service.
- Zen Crew offers funnel accounts, account opening services at various financial institutions in the U.S., the U.K., and Canada, and a drop service (accounts used to park stolen funds).
Wrapping up
Styx stands as an example of how cybercrime marketplaces are evolving into enterprise-like businesses, aiming to become a one-stop shop for adversaries. As Styx and other similar darknet marketplaces continue to operate, it is crucial for organizations and individuals, especially those related to the financial sector, to prioritize cybersecurity measures to protect sensitive information and mitigate the risks associated with illegal online activities.