About 400,000 Credit and Debit Card Records Are for Sale on Joker’s Stash

• A new dump has appeared on the Joker’s Stash, containing roughly 200k card records from the USA, and another 200k from South Korea.
• The information that is included in each record points to POS terminal malware campaigns, and not Magecart.
• The price is set at $5 for each card, or $2 million for the whole thing, while the validity rate is 30-40%.

Approximately 400,000 credit and debit card details belonging to people from the United States and South Korean have been put up for sale on Joker’s Stash. The notorious dark web marketplace that specializes in card dumps is offering this new listing for $1,985,835, but if you don’t have all that money to spend, you may buy individual cards for $5 each. The seller claims that roughly 30-40% of the cards are valid, with half of them being from the US and the rest coming from the Asian country.

The discovery of the sale is the work of Group IB, and the date when the listing appeared on Joker Stash was April 9, 2020. Group IB has informed the national CERTs (computer emergency response teams), as well as the affected banks in South Korean and the US. Still, malicious actors already had the time to exploit the data. Each record includes the data stored on the magnetic stripe of the card, the BIN (bank identification number), the account number, the expiration date, and the CVV (card verification value).

Source: Group IB

Due to the type of data offered, this origin cannot be a Magecart operation. To steal magnetic stripe information from a card, one would need to swipe it on a POS terminal infected with malware, or an ATM where a skimmer has been planted. The source of this new batch remains unknown, so it is possible that the same actors may still be scraping “Track 2 information” from more cards out there. However, the relatively low validity rate could be an indication that the info-stealing operation took place quite a while back. If the data was fresh, the number of active/valid cards should’ve been higher.

Those who buy these dumps, either as a whole or in parts, use the information to create clone cards. Then, they may purchase low-cost items by using the cards for contactless payments, go to an ATM and withdraw money (if the PIN is available), or simply buy stuff online. Some purchase these listings only to verify which cards are active and then resell them at a higher price. Each card is linked to a different bank account, so naturally, some are linked to empty accounts while others have thousands of USD. If someone goes through the trouble to check, they may perform more targeted and profitable sales.