Credential stuffing: Bigger and badder than ever | SC Media

April 26, 2019
  • STORM - a tool offered for free, but accepting donations.
  • Black Bullet - first appeared on the dark web in early 2018 and likely was created by the actor Ruri. It only allows for single-company attacks.
  • Private Keeper - developed by the actor deival909 and is by far the most popular account-checking software in the Russian-speaking underground.
    Price: From 49 Russian rubles (approximately $0.80)
  • SNIPR - developed by the threat actor Pragma and supports both online credential stuffing and offline brute-forcing dictionary attacks.
    Price: $20
  • Sentry MBA - with over 1,000 configuration files available, it is one of the most prominent and readily available examples of account-checking software on the dark web.
    Price: Between $5 and $20 per configuration file
  • WOXY - an email checker that allows criminals to verify the validity of email accounts, scan email content for valuable information (like gift card codes or online subscriptions to streaming services, travel websites, and financial institutions), and hijack valid accounts by resetting login passwords automatically.