{ "id": "c9a6ea61-a41b-46e5-b0bf-43b045c6639f", "created_at": "2026-04-06T00:22:11.954382Z", "updated_at": "2026-04-10T03:23:51.218003Z", "deleted_at": null, "sha1_hash": "06c018abfdbf545d3af0bcdd98deb9dfb0086ef6", "title": "Mastercard Data Leak, New Fully Undetectable Ransomware, Elusive Stealer Source Code Leak, and More", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 52292, "plain_text": "Mastercard Data Leak, New Fully Undetectable Ransomware,\r\nElusive Stealer Source Code Leak, and More\r\nPublished: 2024-01-08 · Archived: 2026-04-05 14:19:08 UTC\r\n1. Home\r\n2. Blog\r\n3. Dark Web\r\n4. Mastercard Data Leak, New Fully Undetectable Ransomware, Elusive Stealer Source Code Leak, and\r\nMore\r\nIn recent discoveries across the cyber threat landscape, the SOCRadar Dark Web Team has identified various\r\nconcerning developments, including an undetectable ransomware for sale claimed to be effective against major\r\nantivirus software, a Mastercard data leak asserted by the Toxcar Cyber Team on a Telegram Channel, and the\r\nsharing of the source code of Elusive Stealer, a data theft malware. These findings underscore the evolving cyber\r\nthreats, further emphasized by a recruitment post seeking a remote sales agent for a threat group offering fake\r\nhacking services.\r\nGet your free Dark Web Report and find out if your data has been compromised.\r\nType your domain to get your free dark web report\r\nA New Ransomware is on Sale\r\nThe SOCRadar Dark Web Team has come across a new ransomware being marketed on a hacker forum by a threat\r\nactor claiming to have personally developed it. The seller asserts that this ransomware is fully undetectable by\r\nsignificant antivirus software, including Avast and Windows Defender, thanks to extensive testing on Windows\r\nmachines. It uses the AES symmetric algorithm to encrypt all disks, storing the decryption key in a remote\r\ndatabase. Additionally, it changes the victim’s desktop background to a message, indicating their system is\r\ncompromised. The threat actor also mentions having developed a GUI decrypter, possibly for negotiations\r\nor ransom payments, allowing victims a chance to recover their encrypted files.\r\nData of Mastercard are Leaked by Toxcar Cyber Team\r\nThe SOCRadar Dark Web Team has reported a post on Garuda From Cyber’s Telegram Channel, where\r\nthe Toxcar Cyber Team claims they have leaked data from Mastercard. The threat actor asserts the attack targeted\r\nthe United States site of Mastercard and categorizes it as a leak. The threat actor also shared 3 screenshots alleged\r\nto be from the Mastercard database, presenting what they purport to be evidence of the intrusion.\r\nhttps://socradar.io/mastercard-data-leak-new-fully-undetectable-ransomware-elusive-stealer-source-code-leak-and-more/\r\nPage 1 of 2\n\nSource Code of Elusive Stealer is Shared\r\nA SOCRadar Dark Web Analyst has detected a post on a hacker forum revealing the sharing of the Elusive\r\nStealer‘s source code. This stealer is a type of malware that specializes in stealing sensitive information from\r\ninfected systems. The release of its source code is a significant cybersecurity concern, as it allows malicious actors\r\nto modify, improve, and spread the malware more widely, potentially leading to an increase in infections and data\r\ntheft across various systems.\r\nNew Recruitment Post is Detected\r\nA SOCRadar Dark Web Analyst has identified a recruitment post on a hacker forum for a threat group seeking a\r\nremote sales agent for fake hacking services. The threat group describes the position as full-time, remote, with a\r\nsalary range of $3000 – $5000. The job entails selling pre-made scripts that defraud customers under the guise of\r\nhacking services, with over 80 daily inquiries. Responsibilities include lead generation, negotiation, and meeting\r\nsales targets while providing customer satisfaction.\r\nPowered by DarkMirror™\r\nGaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence\r\nand digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges,\r\nSOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and\r\ngroups filtered by the targeted country or industry.\r\nSource: https://socradar.io/mastercard-data-leak-new-fully-undetectable-ransomware-elusive-stealer-source-code-leak-and-more/\r\nhttps://socradar.io/mastercard-data-leak-new-fully-undetectable-ransomware-elusive-stealer-source-code-leak-and-more/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://socradar.io/mastercard-data-leak-new-fully-undetectable-ransomware-elusive-stealer-source-code-leak-and-more/" ], "report_names": [ "mastercard-data-leak-new-fully-undetectable-ransomware-elusive-stealer-source-code-leak-and-more" ], "threat_actors": [ { "id": "a654cd50-4eaa-4d16-b06a-2c66ee10edf3", "created_at": "2024-11-13T13:15:31.103206Z", "updated_at": "2026-04-10T02:00:03.751069Z", "deleted_at": null, "main_name": "TOXCAR CYBER TEAM", "aliases": [], "source_name": "MISPGALAXY:TOXCAR CYBER TEAM", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434931, "ts_updated_at": 1775791431, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/06c018abfdbf545d3af0bcdd98deb9dfb0086ef6.pdf", "text": "https://archive.orkl.eu/06c018abfdbf545d3af0bcdd98deb9dfb0086ef6.txt", "img": "https://archive.orkl.eu/06c018abfdbf545d3af0bcdd98deb9dfb0086ef6.jpg" } }