The “MagBo” Portal Offers Access to Thousands of Hacked Servers

  • A rising service selling web shell access is offering unprecedented levels of quality and comfort.
  • Called “MagBo”, the platform provides detailed listings and even offers a backdoor access tool with its own UI.
  • About 200 purchases of access happen on the platform each day, while up to 400 new compromises are added over the same period.

An impressive AaaS (access as a service) platform called “MagBo” has appeared in recent researcher reports, currently selling access to no fewer than 43,000 unique compromised servers. MagBo is an automated market where crooks can browse offerings and buy access to servers that someone has previously compromised by planting a web shell. Every purchase is completed with a simple click, with no human interaction or intervention in the process whatsoever. In the past two years, MagBo has had 150,000 “clicks” of this kind, so we’re talking about a highly successful service.

[Image: magbo_general_stats. Source: Ke-La.com]

This platform stands out from competing remote access markets thanks to the diversity of its listings and the details that accompany the offerings. Other platforms merely sell web shells through forum posts and state only the type of business you will access. MagBo, on the other hand, offers more: its listings detail things like the hostname, the permissions that can be leveraged, the ability to distribute phishing emails from the compromised server, the ability to sniff network traffic to steal payment or credit card details, and more.

[Image: web_shell_details. Source: Ke-La.com]

Moreover, MagBo doesn’t limit its offering to login credentials; it also supplies a fully-fledged backend access tool that enables buyers to launch their attack. Called the MagBo Backdoor (MBD), this tool can perform actions on the compromised server right from an easy-to-use and comfortable UI. The sellers have loaded the necessary module files after scanning the server and figuring out what software versions it’s running, thus minimizing errors and warnings that could lead to the generation of telling logs. As a result, MBD makes loading malware, executing arbitrary code, and a broad spectrum of other malicious actions a walk in the park.

[Image: mdb. Source: Ke-La.com]

KELA researchers report that between 200 and 400 servers are added to the market daily, and that the number of daily transactions is approximately 200. There are 190 unique sellers who have something to offer on MagBo, and the cost to access each server depends on its type. For example, ZDNet found government websites on the platform, but there are also servers used by insurance and financial institutions. Access to these may cost up to $10,000, while less valuable listings could be offered for a few dollars. In conclusion, MagBo is quickly growing in popularity, and without a doubt, it’s drawing the attention of law enforcement agencies, attention that may soon result in a crackdown.
