Research from extraordinary security shows that threat actors are leveraging electronic crime tools called Atlantis AIO Multicheckers to automate qualification packing attacks.
Atlantis aio has emerged as a powerful weapon in cybercrime weapons, allowing attackers to rapidly and continuously test millions of stolen credentials,” the cybersecurity company said in its analysis.
Qualifications are a type of tiebar attack in which enemies collect credentials for stolen accounts, usually consisting of a list of usernames or email addresses and passwords that use them to obtain unauthorized access to user accounts on unrelated systems via large autologin requests.
Such qualifications can be obtained from data breaches of social media services or from underground forums advertised for sale by other threat actors.
Qualification stuffing is different from brute force attacks that revolve around password cracking, login credentials and encryption keys using trial and error methods.
With each extraordinary security, Atlantis AIO offers threat actors the ability to launch qualification packing attacks of scale through pre-configured modules to target a variety of platforms and cloud-based services, thereby facilitating fraud, data theft and account acquisitions.
“Atlantis AIO Multi-Checker is a cybercrime tool designed to automate qualification stuffing attacks,” he said. “You can test stolen credentials at scale, allowing you to quickly attempt millions of username and password combinations on over 140 platforms.”
The threat actors behind the program also claim to have thousands of satisfied clients, based on a “proven foundation of success,” while ensuring that security guaranteed customers are burned into the platform and to keep their purchases private.
“All features, updates and interactions are meticulously created to increase experience beyond expectations,” they told the official ad, adding, “We are continuing and continuously working on pioneering solutions that drive unprecedented outcomes.”
Atlantis AIO’s targets include email providers such as hotmail, yahoo, aol, gmx, and web.de, as well as e-commerce, streaming services, VPNs, financial institutions, and food delivery services.
Another notable aspect of this tool is the ability to implement brute force attacks against the aforementioned email platforms and automate the account recovery process associated with eBay and Yahoo.
“Certification filling tools such as Atlantis AIO provide a direct pathway to monetizing stolen qualifications by cybercriminals,” says extraordinary security.
“When you access your accounts on different platforms, attackers can exploit them in multiple ways. For example, you can sell login details on the dark web marketplace, commit fraud, distribute spam using compromised accounts, or launch phishing campaigns.”
To mitigate the risk of account acquisitions brought about by such attacks, we recommend that you establish strict password rules and implement a phishing-resistant multi-factor authentication (MFA) mechanism.
Source link
