New Market "Bermuda" Phishing Warning

Hi,

Just a quick post as a warning regarding a supposed new marketplace called "Bermuda". It has been posted multiple times and then removed in /r/onions and has a slick looking design, but required JavaScript for sign-up. Every time it has been posted, I have tested to create an account and it has returned a "Server Error", yet keeps getting posted by fresh accounts.

I'm going to take a wild guess here and say it's a phishing attempt hoping users will enter their same details as on other markets so they can try the credentials elsewhere. However it could be something even more sinister since it is also requiring JavaScript, similar to the Agora CSRF exploit which was used to steal deposits and lock user accounts out on Agora.

After looking through their JavaScript, I can't see anything along them lines, as it just seems to be a themeforest site setup but they definitely could be just storing all user inputs. Stay safe.

Edit: I would highly advise you to read through the article linked above, relating to the Agora exploit, never enable JavaScript from any untrusted onion site.


Comments


[8 Points] None:

None of the pgp are from the real vendors according to grams....

It's fake....


[2 Points] bebopx2:

One of the new ONION sites?


[2 Points] PleaseScratchMyBalls:

Sounds like they have some sweet pot over there...


[1 Points] None:

I've seen that site yesterday. Alot of the vendors where called angelina :P


[1 Points] None:

[removed]


[1 Points] BayLapse:

I smell honey...


[1 Points] The_OPs_Mommy:

since it is also requiring JavaScript similar to the Agora CSRF exploit which was used to steal deposits and lock user accounts out on Agora

Yo dude - are you /u/t0mcheck?

Since we all know he couldn't ever seem to get it straight how JS code worked, or even what a session cookie was; but see, apparently neither can you.

Since this is like the 4th time I've seen you bring up this fake Agora exploit.

For a self-described "pentester" to not be able to understand how no money could have possibly been stolen with this "exploit" code - is pretty embarrassing tbh.

http://js.do/Dumbazz/agorafauxphish

Also - this doesn't even have anything to do with JS - as these are all GET requests which don't even make use of any CSRF techniques, despite having been sent in a PM on the Agora site. They could have served all these in a bunch of image elements. It'd be the same end result from the attacker's pov -

they'd come out exactly --> $0 ahead.


[1 Points] eddy590:

Don't know what the f*ck you are on about... Just visited the site and there is no JS or other shit enabled there... seemed pretty secure to me


[-1 Points] Andrew-Wyatt:

I have also visited the site, It looks great in design, without any issue i logged out. I asked to the Support and they replied in timely manners, the java script issue was because java script was off from my browser, and when i turn it on the issue was resolved. the only fault from there side is that they didn't mention it on their website to turn java script on before signing up.