Dark Web criminal sites facing exodus – Goodbye Joker Stash

January 19, 2021
Dark Web criminal sites facing exodus Goodbye Joker Stash

Recently during our Dark Web monitoring search for cool stuff, we encountered a surprising find regarding Joker Stash in one of the notorious criminal forums where carding actors and websites are gathered plotting their next card victims.

Victims of Joker Stash

Victims are people who own credit and debit card used for transactions either online or on the POS. Nobody is safe from getting their credentials skimmed or sniffed through Magecart-like malware – from your average joe up to your wealthy businessman. Banks are usually affected once their customers win over a dispute due to a hacking incident. The institutions will shoulder the loss; indirectly, the banks’ brand reputation is affected because most customers and affected people will perceive that they are not protecting them enough.


Good news for banks and customers

A recent article that I wrote where Joker Stash will keep coming back after the INTERPOL seized their Clearnet proxy servers and stopping the .bazar site operations momentarily, but failed to put the last nail in the coffin is the proof of the resiliency of darknet sites. However, it seems that the known criminal resiliency faded on them because this time Joker Stash will be gone for good! Here is proof:


joker stash Dark Web criminal sites facing exodus image 1



Indian Banks, Middle Eastern and US Banks can breathe

I can say that based on the observation that US Banks are the number one target of carders and adversaries because of the mighty Dollar currency and high credit limit. Joker Stash in the recent years provided working card BINs and successful after-sales transactions for most carders. There are small scale threat actors from India and Russia who lurks in the Joker Stash store to find valid Dumps and CVVs for them to cash in and use online or in physical stores. These actors know how to bypass the EMV chip technology for valid DUMPs to work. Now that Jokerstash will close for good by February 2021, this closure will significantly blow these small scale adversaries. As far as I can tell banks in the Middle East are also one of the large scale victims of Magecart and card skimming, through frequency and volume of release and updates. As a dark web intelligence resource person, I can confidently say that some countries are more targeted than other countries due to their perceived wealth and lack of security.

Bad news for skimmers or maybe not?


Rumours had been spreading in the dark web forums that a new carding site might replace Joker Stash and sell cards to carders and skimmers the same way how Joker Stash used to do it.


Word of caution to the banking and finance industries is to never be complacent because these black hat adversaries will always be attracted to the easy pursuit of money. As long as people value the concept of earning more while doing less in the wrong direction, they will keep on doing such activities to satisfy their craft. It might be true that these cannot be 100% stopped, but the effects of these activities can be mitigated. Our phishing intelligence team suggest that personal information collected from purchased dumped and CVVs is enough to start a spear-phishing campaign. Joker Stash and the likes of it don’t simply end in carding activities, there is much more can be done by crafty adversaries. That is why recovering these data ahead of threat actors is essential because it can prevent financial loss and its adverse effects. There is always a saying that prevention is better than cure.

About the author

Leave a Reply