xDedic, a Marketplace Where Hacked Servers Go for Sale

The name ‘xDedic’ does not reveal much. It is, however, a low-profile marketplace where anyone can choose and purchase access to over 70,000 hacked servers from around the internet.

The marketplace offers web servers and databases, from private corporations to public government networks, for sale at a relatively cheap price. For instance, purchasing the means to gain access to a server owned by and located in a European Union member government’s network would cost only $6, according to SecureList.

The malicious buyer gains access to all data on the server for that one-time fee, enabling the buyer to use it again at a later time to launch further attacks. The marketplace comes close to enabling the utopian dream for a malicious hacker, with cheap and easy access to victims’ data.  

In a research survey of the xDedic marketplace conducted by Kaspersky Lab in partnership with an unnamed European ISP, the security firm counted a total of 70,624 servers available for purchase. Those servers were put up for sale by 416 unique sellers and came from 173 affected countries, underlining the global scale of the data made available in the marketplace. Brazil topped the list, accounting for 9% of the compromised servers and databases. China, Russia, India, Spain, Italy and France follow.

Notably, the xDedic operators aren’t putting up any details of compromised servers themselves. The developers have instead set up a well-tuned marketplace for sellers, complete with live technical support, toolkits that patch hacked servers to enable multiple RDP sessions, and profiling tools. These profiling tools upload information about the hacked servers into the xDedic database, making the servers easier to find during a search.

Furthermore, the profiling software put in place by the xDedic developers gathers information about the software installed on the server. This enables servers to be tagged by industry, including trading, online gambling, payments and more.

The security firm discovered that buyer interest was strong in servers running point-of-sale (PoS), tax reporting and accounting software.

Underlining the threat posed by compromised point-of-sale software, Kaspersky added:

“For instance, a malicious user could go to the xDedic forum, register an account, top it up with Bitcoins and then purchase a number of servers which have PoS software installed. Then, they can install PoS malware, such as Backoff to harvest credit card numbers. The possibilities are truly endless.”

The security firm notified law enforcement agencies who helped shut down the marketplace, before it eventually re-emerged on the dark web.
