AlphaBay phishing campaign detected in the wild

Feb 14, 2016 22:10 GMT

An ongoing phishing campaign is targeting users of the AlphaBay Darknet black market, which is mostly used by cyber-criminals and people looking for drugs via the Tor network.

AlphaBay is the Internet's largest black marketplace, the underground market that rose to take the place of the defunct Silk Road and Silk Road 2 portals after authorities took those sites down and arrested the people behind them.

Just like the originals, AlphaBay operates only via Tor (.onion domain) and sells illegal merchandise such as drugs, weapons, stolen user and credit card information, along with various other shady and nefarious commodities.

The site is monitored by law enforcement agencies, but also by other cyber-criminals, as security and monitoring firm Netcraft reports.

An AlphaBay phishing site is running off-Tor, may be a honeypot

Netcraft reports that somebody has set up a fake AlphaBay login page and is phishing users, collecting login credentials and then redirecting victims to the real site.

The phishing site is operating at pwoah7foa6au2pul.me.pn, which is an almost identical copy of AlphaBay's real domain: pwoah7foa6au2pul.onion. Unlike the real domain, this clone is running on the real Web and is accessible to anyone, even to those not running Tor.

The purpose of this phishing site is to gather login details for AlphaBay users, but the reasons are not clear. The site may be operated by other cyber-criminals who want access to other accounts so they can defraud the accounts' original owners or run spam on the site, but the clone may also be operated by law enforcement agents as a honeypot.

In the latter case, law enforcement agencies may be trying to collect information on gullible cyber-crooks, in an attempt to unmask their real location and create a database of known AlphaBay participants.