Allegations have emerged on a dark web forum where a threat actor is reportedly auctioning access to several e-commerce websites running on Magento 2.
According to the posts, the threat actor is allegedly targeting online stores from various regions, including Kuwait, Slovenia, and England, with varying levels of users and transaction volumes.
One of the listings claims access to a Kuwait-based electronics store. The store is said to have 77,817 registered users, with orders for the past three months listed as 403 for September, 508 for August, and 419 for July. The bidding for access allegedly starts at $500, with a “blitz” price of $1,000, implying an immediate sale if met. The auction is set to conclude in 48 hours, with additional costs, such as a guarantor, falling on the buyer.
A second listing reportedly offers access to a Slovenian perfumery store, accepting multiple payment methods, including Visa, Mastercard, PayPal, and bank transfers. This store allegedly has 1,966 users, with orders amounting to 121 in September, 73 in August, and 88 in July. The starting bid for this site is set at $100, with increments of $50, and a “blitz” price of $3,005.
The third listing allegedly involves a bicycle and scooter shop in England, with 225 users and consistent order numbers across the past three months: 240 in September, 248 in August, and 233 in July. The auction for this access starts at $250, with the option to buy immediately at $500.
The dark web posts detail that the auctions will run for 48 hours, with buyers needing to provide a deposit and cover the cost of a guarantor.
