In a fresh dark web sweep, SOCRadar researchers have discovered three new issues worth immediate attention:
First, there’s a major auction of roughly 413,000 stolen credit cards, mainly from the U.S. and Canada. The seller is bundling cards from multiple leaks and offering a validity-checking service, indicating an organized marketplace rather than a simple dump.
Second, analysts identified a new malware framework called Weapon Bot. It’s delivered via MSI installers, built on Node.js/Rust/PowerShell, and designed to evade detection. It steals browser data, wallet seeds and session tokens, while also functioning as a botnet platform.
Lastly, threat actors are actively seeking a working exploit for CVE-2024-38077 (“MadLicense”), a critical remote code execution vulnerability in Windows Remote Desktop Licensing Service. The demand suggests potential weaponization and real-world attacks.
For full details, the analysis can be found here: https://socradar.io/blog/weapon-bot-toolkit-madlicense-413k-credit-cards/
Related
This entry was posted on December 9, 2025 at 2:37 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Dark Web Findings: Credit Cards & Weapon Bot Malware
In a fresh dark web sweep, SOCRadar researchers have discovered three new issues worth immediate attention:
First, there’s a major auction of roughly 413,000 stolen credit cards, mainly from the U.S. and Canada. The seller is bundling cards from multiple leaks and offering a validity-checking service, indicating an organized marketplace rather than a simple dump.
Second, analysts identified a new malware framework called Weapon Bot. It’s delivered via MSI installers, built on Node.js/Rust/PowerShell, and designed to evade detection. It steals browser data, wallet seeds and session tokens, while also functioning as a botnet platform.
Lastly, threat actors are actively seeking a working exploit for CVE-2024-38077 (“MadLicense”), a critical remote code execution vulnerability in Windows Remote Desktop Licensing Service. The demand suggests potential weaponization and real-world attacks.
For full details, the analysis can be found here: https://socradar.io/blog/weapon-bot-toolkit-madlicense-413k-credit-cards/
Share this:
Like this:
Related
This entry was posted on December 9, 2025 at 2:37 pm and is filed under Commentary with tags SOCRadar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.