Dark Web Informer
@DarkWebInformer • 214,668 subscribers
One guy. Global cybercrime. Tracked so you don't have to. Ransomware, data breaches, dark web activity, darknet markets, IOCs & emerging threats. Stay informed!
Shorts
![‼️ A threat actor is selling a NFCRipper tool which allegedly enables NFC relay, card capture, session cloning, and POS/ATM CVM bypass functionalities. They claim it can capture, replay, and manage card data through a centralized web panel for research and testing purposes. nfcripper[.]su](https://image.24vids.com/tw-2028985513273647275/amplify_video_thumb/2028985197782261760/img/iQUywt-87tUqS7XN.jpg)
Videos
🚨 Multiple users are reporting that Kash Patel’s apparel site is serving a ClickFix-style malware lure. The page appears to mimic a Cloudflare verification check and instructs visitors to run platform-specific commands to “verify” access. Instead, those commands can execute malicious code. On macOS, the observed chain reportedly pulls down an infostealer designed to target Keychain data, browser-stored credentials, session tokens, and cryptocurrency wallet information.
Dark Web Informer38,839 views • 13 days ago
‼️ A "Pegasus-Like" zero-click RAT spyware targeting Android and iOS is being sold on a popular cybercrime forum. Threat Actor: xone9to1 Date: 04-02-2026 Category: Malware / Spyware Threat actor is advertising a zero-click RAT spyware claiming to work without APK/IPA installation, compatible with iPhone 17 iOS 26.2 and Android 5 to 16. Features include device information gathering, network and SIM details, live GPS location with history, real-time notification monitoring, call logs, contacts manager, SMS manager with OTP viewer, WhatsApp call and message monitoring, and access to all social media accounts (Google, Facebook, Instagram, Twitter, Telegram, Spotify, etc.). Advanced capabilities include device controls (lock, power off, ringer, brightness), botnet controls with DDoS, file manager with encryption, live surveillance (front/back camera, screen recording, microphone access), keylogger, and banking/crypto stealer modules targeting MetaMask, Trust, Binance, UPI, Apple Pay, Google Pay, and PayPal. A demo video is included as proof of concept.
Dark Web Informer108,915 views • 2 months ago
‼️ A threat actor is allegedly selling a PDF Exploit Builder advertised as 100% FUD with unlimited builds on a popular cybercrime forum, with tiered licenses starting at $300. ⠀ ‣ Threat Actor: TheStrain ‣ Category: Illicit Service / Malware Builder ‣ Victim: Adobe Acrobat Reader, Foxit Reader (delivery vector) ‣ Industry: Malware / Exploit Tooling ⠀ The actor pitches the builder as reliable, effective, FUD, and stable, capable of bundling EXE and JAR payloads inside weaponized PDF files. They claim it supports all versions of Adobe Acrobat Reader and Foxit Reader and bypasses all forms of security. ⠀ What's offered: ⠀ ▪️ Unlimited builds ▪️ EXE and JAR payload support ▪️ Compatibility with all versions of Adobe Acrobat Reader and Foxit Reader ▪️ Claimed bypass of all forms of security ▪️ 100% FUD claim ⠀ Pricing: ⠀ ▪️ 1 Month License: $300 ▪️ 3 Months License: $500 ▪️ Lifetime License: $1,500
Dark Web Informer46,827 views • 1 month ago
‼️ A threat actor operating under the alias petrushka is selling a phishing-as-a-service (PhaaS) platform called Bluekit. The service offers 40+ phishing templates, Evilginx-based adversary-in-the-middle capabilities, 2FA bypass with geolocation and browser spoofing, antibot cloaking, cookie and credential harvesting, AI voice cloning, and bulletproof hosting with Monero payment support.
Dark Web Informer51,442 views • 1 month ago
‼️ PhishLab V1, a new phishing-as-a-service panel, is allegedly being sold on a hacking forum, marketed as undetected and capable of bypassing 2FA across major platforms. ⠀ ‣ Threat Actor: PHISHLAB ‣ Category: Phishing Kit / Malware-as-a-Service ‣ Product: PhishLab V1 ‣ Industry: Cybercrime / Credential Theft ⠀ The actor is advertising a phishing panel that captures credentials, 2FA codes, and session cookies in real time, with Telegram notifications and one-click cookie import. The kit targets banks, crypto exchanges, payment processors, retailers, and social platforms across more than 17 active modules with 10+ unique domains per module. Pricing is set at $759 first month and $250 monthly thereafter. ⠀ What's advertised: ⠀ ▪️ Real-time credential and 2FA capture ▪️ Telegram notifications on victim login ▪️ One-click cookie import for instant session takeover ▪️ Bypass for all 2FA types ▪️ 10+ unique domains per module with 24/7 updates ▪️ Crypto modules: OKX, Bybit, Binance, Coinbase ▪️ Banking modules: Chase, BoA, Wells Fargo, Citi ▪️ Payment modules: PayPal, Stripe (Venmo and Cash App in testing) ▪️ Shopping modules: Amazon, Walmart, eBay, Target ▪️ Social modules: Instagram, Facebook, WhatsApp, TikTok ▪️ 15+ additional modules in pending/testing phase
Dark Web Informer29,774 views • 1 month ago
One of the best Cybersecurity memes I've ever watched. 🤣
Dark Web Informer470,392 views • 2 years ago
‼️ M6Plus Proof of Concept (POC) CVE-2026-4583 (Missing Replay Protection) The M6PLUS Bluetooth protocol lacks cryptographic authentication mechanisms. The only integrity check is a trivial single-byte XOR checksum, which can be easily recalculated by an attacker. This allows any Bluetooth device to inject arbitrary transaction commands without the terminal being able to verify the command's origin or authenticity.
Dark Web Informer48,455 views • 1 month ago
‼️ A threat actor is selling a sophisticated phishing suite designed to mimic Ledger cryptocurrency wallet interfaces to steal seed phrases and credentials. The kit includes anti-detection features, keylogging capabilities, and Telegram integration for real-time notifications.
Dark Web Informer38,125 views • 1 month ago
🚨🚨Archetyp Darknet Market, the world's largest Darknet Market, has been seized by law enforcement.
Dark Web Informer174,595 views • 11 months ago
⚠️ A defense evasion tool called ExEngine is being sold as a service, marketed as an AV/EDR killer that disables mainstream consumer security software including Windows Defender, Malwarebytes, Bitdefender, and Avast. The tool combines AV termination with a Ring-3 rootkit, UAC bypass, and decoy payload delivery to support stealthy initial access operations. ⠀ ‣ Threat Actor: ryewx1 ‣ Category: Defense Evasion Tool / Killer ‣ Offering: ExEngine AV/EDR Killer ‣ Industry: Malware Tooling ⠀ The seller claims ExEngine actively terminates security software rather than only obfuscating payloads, granting attackers a longer window of undetected operation. The tool supports Windows 10 and 11 builds and is sold per-build at $150 to $250. ⠀ Advertised capabilities: ⠀ ▪️ AV/EDR termination with primary and fallback techniques ▪️ UAC bypass with automatic privilege escalation ▪️ Ring-3 rootkit functionality to hide files, processes, registry keys, and network connections ▪️ Discord webhook logging for victim machine info and execution status ▪️ Secondary decoy payload (game/document/installer) to keep targets unaware ▪️ Persistence across reboots and logouts ▪️ Anti-VM and anti-debug detection with fake error message exit ▪️ Universal Windows 10/11 support, all payload types ⠀ Risk to defenders: ⠀ ▪️ Active termination of consumer AV products including Windows Defender means traditional endpoint protections cannot be relied on once ExEngine executes successfully ▪️ Decoy payload pattern is designed to delay user-driven incident reporting, lengthening attacker dwell time ▪️ Ring-3 rootkit hiding of files, processes, and network connections complicates incident response triage on compromised hosts ▪️ Discord webhook telemetry indicates the operator is targeting consumer and SMB victims at scale rather than running individual targeted campaigns ▪️ Sold per-build at low cost ($150 to $250), making it accessible to low-skill operators who can pair it with commodity stealers, RATs, or loaders
Dark Web Informer22,768 views • 1 month ago