The “MagBo” Portal Offers Access to Thousands of Hacked Servers

  • A rising service selling web shell access is offering unprecedented levels of quality and comfort.
  • Called “MagBo”, the platform is detailing the listings and even offering a backdoor access UI tool.
  • About 200 purchases of access happen on the platform each day, while up to 400 new compromises are added over the same time.

An impressive AaaS (access as a service) platform called “MagBo” has appeared in recent researcher reports, currently selling access to no less than 43,000 unique compromised servers. MagBo is an automated market where crooks can browse offerings and buy access to servers that have been previously compromised by someone who planted a web shell malware. Everything is done with a simple click, and there’s no human interaction or intervention in the process whatsoever. In the past two years, MagBo has had 150,000 “clicks” of this kind, so we’re talking about a highly successful service.


The particular platform stands out against the remote access competition thanks to the amazing diversity of its listings and the details that accompany the offerings. Other platforms merely sell web shells through forum posts and provide only the type of the business you will access. MagBo, on the other hand, offers more: it is detailing things like the hostname, the permissions that can be leveraged, the ability to distribute phishing emails from the compromised server, sniffing network traffic to steam payment or credit card details, and more.


Moreover, MagBo isn’t limiting its offering to the login credentials, but it’s also supplying a fully-fledged backend access tool that will enable the buyers to launch their attack. Called the MagBo Backdoor (MBD), this tool can perform actions on the compromised server right from an easy-to-use and comfortable UI. The sellers have loaded the necessary module files by scanning the server and figuring out what software versions it’s running, thus minimizing errors and warnings that could lead to the generation of telling logs. Therefore, MBD makes the loading of malware, the execution of arbitrary code, and a broad spectrum of other malicious actions a walk in the park.


KELA researchers report that the daily server additions to the market are between 200 and 400, and the number of daily transactions is approximately 200. There are 190 unique sellers who have something to offer on MagBo, while the cost to access each server depends on its type. For example, ZDNet found government websites on the platform, but there are also servers used by insurance and financial institutions. The cost of accessing these may be up to $10,000, and less valuable listings could be offered for a few dollars. In conclusion, MagBo is getting more popular fast, and without a doubt, it’s drawing the attention of law enforcement agencies, attention that may soon result in a crackdown.



Indian Banks and Finance Companies Targeted by Multi-Staged JSOutProx RAT Malware

Indian banks and financial institutions are being targeted by a multi-tier JSOutProx RAT that acts in two stages.The malware uses spear-phishing emails...

Mega Deletes 144,000+ User Accounts for Repeated Copyright Infringement

Mega has changed its policies and terminated over 144,000 accounts for repeated copyright infringement violations.The company says flagged data is taken down...

YouTube Creators Targeted With Phishing Scams Based on Cookie Theft Malware

Google discoverd a new Cookie Theft-based phishing scam that targeted channels belonging to YouTube creators.Actors were sending phishing emails and hijacking channels...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari