MagBo, an invite-only hacker marketplace famous for Web Shell exploits of compromised servers
We shop online for various goods through Amazon, eBay, and other marketplaces. Online shopping lets us buy things without leaving our bedroom. Imagine a similar marketplace for hacked servers, and on the surface web at that. We all know that underground marketplaces for such trades exist on the dark web, but imagine a website that can be easily reached through Chrome or Firefox. A website called MagBo has been in existence since September 2018 and sells hacked wares to its select clientele.
MagBo started in 2018 by selling access to 3000 hacked servers. From 3000 servers it has grown exponentially to 43,000 hacked servers, according to a report by security intelligence firm KELA. According to KELA, MagBo has an invite-only policy to keep out unwanted guests and onlookers.
Cybercriminals and hackers are the main customers on MagBo. Some cybercriminals register on the MagBo platform to sell hacked servers, while others are there just to buy. According to KELA, MagBo at present has listings for about 43,000 hacked servers. Most of the victim sites were e-commerce sites, but the listings also included access to sites within the healthcare, legal, education, insurance, and private sectors. Most of the breaches are from U.S., Russian, and German hosting services.
MagBo specializes in selling web shell access to the hacked servers. According to KELA, 90% of the listings on MagBo are web shells, while 7% and 2% offer remote access via compromised CMS and FTP credentials, respectively; the remaining 1% is made up of a plethora of other access methods, from SSH to hosting admin panels.
To date, MagBo has sold nearly 150,000 hacked servers to its various cybercriminal clients for about $750,000. The image below, by KELA, shows what MagBo has sold over the years.
Most of the clients on MagBo buy these hacked servers for either black-hat SEO or malware distribution. Some also buy such hacked servers for MageCart or web skimmer attacks. The site runs on both a surface-web .cc URL and a Tor website. Access is restricted to approved members and regulated by the moderators. You need an invitation from another active member of MagBo to be able to register a profile on the site. Potential customers are also given descriptions of the privilege levels available, such as “full access permissions,” “abilities to edit content” and “add your content.” The site is in Russian, and most of the deals are also in that language.