A new dark web marketplace called STYX was launched earlier this year and looks set to become a thriving hub for buying and selling illegal services or stolen data.
Among the services provided are money laundering, identity theft, distributed denial of service (DDoS), two-factor authentication (2FA) bypass, false credentials or identity theft and other personal data, rental of malware, use of collection services, email and phone flooding, identity search and much more.
The market officially opened on January 19 and uses an integrated escrow system to mediate trades between buyers and sellers.
However, analysts from threat intelligence firm Resecurity have noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.
STYX supports payments with multiple cryptocurrencies and offers a special Trusted Sellers section that lists approved sellers, presumably in an effort to increase trust in the platform.
To showcase the buying process, the marketplace points to Telegram channels where bots interact with buyers and provide samples of the products being sold. Below are examples of a seller offering fake IDs, who created documents in the name of US President Joe Biden and former professional footballer David Beckham.
Resecurity researchers have compiled a report featuring some notable cases they discovered while exploring STYX, with the aim of highlighting the risks that arise from the operation of these illicit platforms and uncovering the real dimension of the cybercriminality.
Everything related to financial fraud
Resecurity went through all sections of STYX and discovered that it offers the following:
- Tools to bypass anti-fraud filters such as fingerprint emulators and spoofers.
- Stolen credit card and PII data (personally identifiable information) for sale.
- “Verification” (research) services that extract information about individuals or organizations.
- Fake ID or “drawing services that offer forged documents for over 65 countries.
- Flood services by phone, text and email ranging from $4 to $150 per day.
- Money laundering services for BEC (business email compromised) scammers and other fraudsters.
- Manuals and tutorials on hacking and cybercrime operations.
The money laundering section is one of the most important in STYX, as “cleaning up” stolen funds is a crucial part of cybercriminal activity.
Resecurity has highlighted some providers that offer money laundering services through STYX, such as “Verta,” which charges a minimum of $15,000 for individuals and $75,000 for businesses and keeps 50% of the laundered amount.
Other money laundering service providers have different fees as shown in the screenshot below.
“Resecurity has also identified a group of trending cashout vendors who charge commissions based on the card’s exact BIN and gift card brand,” read the report.
“The distribution of commissions depends on the popularity of the service/bank, the complexity of the withdrawal process, including the tactics launderers will need to deploy to successfully circumvent a payment platform’s fraud filters,” explain the researchers.
STYX hosts a plethora of cashout shops that span the globe, offering “own” funds via Apply Pay, PayPal business accounts with merchant terminals, and various financial institutions in the US, UK and Canada.
The emergence of STYX as a new platform for financially motivated cybercriminals shows that the market for illegal services continues to be a lucrative business.
Digital banks, online payment platforms and e-commerce systems must rise to the challenge and upgrade their KYC checks and fraud protections to undermine the effectiveness of services sold in these criminal spaces.
With the Genesis market disruptedthe void for digital identities needs to be filled and STYX could see an increased flow of customers looking for compromised accounts and personal information.