Cristowals

🚨 CRITICAL CYBERINTEL ALERT: "BLACK MARKET" DIGITAL BLACK MARKET – MASSIVE OPERATION TARGETING CHILEAN FINANCIAL SECTOR 🇨🇱🏦💳🔓 [STATUS: ACTIVE THREAT] Activity has been detected involving a digital black market dubbed "BLACK MARKET Digital Services," which is trading a massive volume of compromised assets belonging to citizens and financial institutions in Chile. The platform offers everything from infrastructure for scams to banking credentials with verified balances. 🔍 Fraud Product Details (Scams & Configs) The threat actor is selling tools ready for use in executing social engineering and brute-force attacks: Phishing Kits (Scams): Cenco Full Scam Dinamic: A dynamic kit designed to impersonate Cencosud services, featuring integrated anti-bot systems. Santander Scam Full Update: A dynamic panel featuring recent updates for impersonating Banco Santander. Brute-Force Configurations (Configs): Files for cracking tools designed to compromise accounts at Coopeuch, BCI, and Santander Chile, including bypasses for security protections such as Akamai. 📊 Scope of Compromised Logs and Cards The platform offers "logs" (infection/extraction records) that include: Banking Credentials with Balances: Accounts from Santander, Itaú, and Banco Bice are being offered, with balances ranging from $600,000 to $305,000,000 CLP. Exposed Data: Each log includes the RUT (national ID), password, card number (CC), CVV, full personal information, and access to the linked email account. Card Inventory: A total of 68,355 cards are reported to be available, with a strong focus on MasterCard Gold and Business cards issued by Chilean banks. 🌐 Infrastructure and Timeline Analysis of the domains linked to the "bmrket" network reveals a rotating infrastructure designed to evade blocking measures: March 14–17, 2026: Launch and propagation of .me, .net, .online, .xyz, and .vip domains. Technical Evidence: The `cron.php` file reveals automated functions designed to mark cards and "dumps" as used or expired, thereby maintaining inventory "quality" for buyers. ⚠️ Risk Implications (VECERT Intelligence) Large-Scale Account Depletion: The sale of credentials with verified balances facilitates direct financial fraud through unauthorized transfers. Total Identity Theft: By including access to associated email accounts (MAIL:PASS), attackers can bypass security measures such as two-factor authentication (2FA) or digital tokens. Corporate Targeting: The high availability of MasterCard Business cards suggests an elevated risk for corporate accounts and SMEs. 🛡️ Immediate Response Recommendations 🔒 Transaction Monitoring: Banking institutions (Santander, Itaú, BCI, Bice, Coopeuch) must heighten vigilance regarding unusual transfer patterns, particularly involving accounts with high balances. 🔑 Credential Renewal: Banking users in Chile are advised to change their passwords and, where possible, request the reissuance of credit cards if they suspect they have accessed unofficial portals. 🏛️ Collaboration with CSIRT Chile: Report activity associated with these portals to coordinate the dismantling of the phishing infrastructure. #CyberSecurity #Chile #Santander #Itaú #BancoBice #Phishing #DataBreach #Cencosud #VECERT #InfoSec #CyberCrime 🇨🇱🛡️⚠️🚨💳