A new dark web marketplace called STYX launched earlier this year and appears to be on its way to becoming a thriving hub for buying and selling illegal services or stolen data.
Among the services provided are money laundering, identity theft, distributed denial-of-service (DDoS), bypassing two-factor authentication (2FA), fake or stolen IDs and other personal data, renting malware, using cash-out services, email and telephone flooding, identity lookup, and much more.
Overview of STYX with service categories on the left (Resecurity)
The marketplace opened its doors officially on January 19 and it uses a built-in escrow system to broker transactions between buyers and sellers.
However, analysts at threat intelligence company Resecurity have noticed mentions of STYX on the dark web since early 2022, when the founders were still building the escrow module.
STYX supports payments with multiple cryptocurrencies and features a special section reserved for trusted sellers that lists vetted vendors, likely in an attempt to increase trust in the platform.
To showcase the purchasing process, the market points to Telegram channels where bots interact with buyers and provide samples of the products sold. Below are samples from one seller that offers fake IDs, who created documents in the name of U.S. President Joe Biden and former professional footballer David Beckham.
Fake ID samples showcased on Telegram (Resecurity)
Researchers at Resecurity have compiled a report presenting some notable cases they discovered while exploring STYX, aiming to highlight the risks that arise from the operation of these illicit platforms and uncover the actual dimension of cybercrime.
All things financial fraud
Resecurity navigated all sections of STYX and found that it offers the following:
- Tools to bypass anti-fraud filters such as fingerprint emulators and spoofers.
- Stolen credit card and PII (personally identifiable information) data for sale.
- “Checking” (lookup) services that extract information about individuals or organizations.
- Fake ID or “drawing” services that offer forged documents for over 65 countries.
- Telephone, SMS, and email flooding services ranging from $4 to $150 per day.
- Money laundering services for BEC (business email compromise) scammers and other fraudsters.
- Manuals and tutorials on hacking and cybercrime operations.
Hacking tutorials sold on STYX (Resecurity)
The money laundering section is one of the most significant in STYX, as “cleaning” the stolen funds is a crucial part of cybercriminal activity.
Resecurity highlighted some vendors that offer money laundering services through STYX, like “Verta,” who requests a minimum of $15,000 for individuals and $75,000 for businesses and keeps 50% of the laundered amount.
Other providers of money laundering services have different fees, as seen in the screenshot below.
Money laundering vendors (Resecurity)
“Resecurity also identified a group of trending cash-out vendors that charge commissions based on the exact BIN of the card and brand of gift card,” reads the report.
“The commission spread depends on the popularity of the service/bank, the complexity of the cash-out process, including the tactics the launderers will have to deploy to successfully circumvent a payment platform’s anti-fraud filters,” the researchers explain.
STYX hosts a plethora of cash-out shops that cover the entire world, offering the “clean” funds via Apple Pay, PayPal business accounts with merchant terminals, and various financial institutions in the U.S., U.K., and Canada.
VCC drop services (Resecurity)
The emergence of STYX as a new platform for financially-motivated cybercriminals shows that the market for illegal services continues to be a lucrative business.
Digital banks, online payment platforms, and e-commerce systems need to rise to the challenge and upgrade their KYC checks and fraud protections to undermine the effectiveness of the services sold in these crime spaces.
With the Genesis Market disrupted, the void for digital identities needs to be filled, and STYX may see an increased influx of customers looking for compromised accounts and personal information.