The illicit marketplace AlphaBay appears to have resurfaced, four years after a high-profile takedown by international law enforcement agencies.
The reboot, according to researchers at Flashpoint, isn’t an exact a replica. Rather, the reconstituted version of the site is described as an homage to the original and a tribute to the now deceased alleged AlphaBay moderator Alexandre Cazes.
This latest revamp is headed by threat actor DeSnake, who is believed to be an original moderator of AlphaBay. According to Flashpoint researchers, DeSnake is attempting to win the trust of criminals by claiming “threat actors operating on the forum [can] withdraw funds even if all servers are seized.”
Other changes include the banning of posts about illicit drugs, COVID-19 vaccines and ransomware. Site operators also say they will remove posts related to threat activity related to Russia, Belarus, Kazakhstan, Armenia and Kyrgyzstan to avoid unwanted attention by law enforcement in those countries.
An additional pitch by the service’s operators, promises to “updated source code for a famous banking trojan” as a promotional tactic for the service. There is no indication as to what “famous” banking trojan is.
Hacker Heyday
When AlphaBay was shut down in 2017 in a joint effort by law enforcement across Europe and Asia it has more than 200,000 user and 40,000 vendors selling illicit goods. At the time Threatpost reported there was more than 250,000 listings for drugs and toxic chemicals, 100,000 for malware, hacking tools, guns, fake documents and much more.
The old AlphaBay’s infrastructure supported what is believed to be the largest known criminal market on the internet. It was seized by U.S. officials along with authorities in Thailand, the Netherlands, Lithuania, Canada, France and the U.K.
AlphaBay was a Tor hidden service and its vendors and customers sold and bought goods using Bitcoin, Monero, Ethereum and other cryptocurrencies. Authorities said the market was also used to launder hundreds of millions of dollars.
In its blogpost, Flashpoint said, its initial AlphaBay report was based on one by Tom Robinson at Elliptic.
Worried about where the next attack is coming from? We’ve got your back. REGISTER NOW for our upcoming live webinar, How to Think Like a Threat Actor, in partnership with Uptycs. Find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on Aug. 17 at 11AM EST for this LIVE discussion.
