Hydra buying hash

__________________________

📍 Verified store!

📍 Guarantees! Quality! Reviews!

__________________________

▼▼ ▼▼ ▼▼ ▼▼ ▼▼ ▼▼ ▼▼

▲▲ ▲▲ ▲▲ ▲▲ ▲▲ ▲▲ ▲▲

Hydra buying hash

On an October morning in , in a town on the outskirts of Moscow, senior police investigator Evgeniya Shishkina was leaving home when she was ambushed by a gunman. Lieutenant Colonel Shishkina took a swing at her assailant. He slipped, but shot her in the stomach. As she lay on the floor he got up and shot her in the neck. Russian police and an investigation by the BBC allege the shooter was hired on an illegal drug trading platform known as Hydra, by a Russian hacker who ran one of its online drug shops. As Russian police continue investigating the murder of their colleague, the sheer size and reach of Hydra, which serves up drugs to Russians and post-Soviet republics, has come under the spotlight. But it is also a dark web drug enterprise like no other. Hydra has a whopping 2. The largest Western dark web market, AlphaBay, which closed in , was thought to have , registered users at its peak. This dwarfs its dark web counterparts in the West. Hydra represents a new kind of dark web marketplace. But there are innovations. Hydra has a strict way of doing business and code of conduct overseen by a central hub. While in other markets vendors pay once to open an account, on Hydra every one of its estimated 5, shops has to pay a monthly rent. Trusted Sellers must have racked up at least 1, transactions and customer disputes should not exceed seven percent of the total number of orders per month. Hydra has its own team of chemists and human guinea pigs to test each product and medics on standby to give safety advice. There is a subforum where these test results are posted, complete with graphs, analysis, and photos. Anyone trying to pass oregano as high-grade chronic will get kicked off the site. No fentanyl is allowed, and neither are weapons, hitmen, viruses or porn, although drugs, fake passports, dodgy SIM cards, and counterfeit cash are sold. On the whole, these rules appear to be obeyed, although the investigation into Lt. Dead drops from Russian drug web marketplaces were first reported in , but under the auspices of Hydra the system has proliferated. These dead drops can be anywhere from tree hollows, street bushes, round the back of apartment blocks or electrical transformer boxes, in crowded public locations, near metro stations or local forests. On completing the online transaction, buyers are sent coordinates, photos, and directions where to find the buried treasure. For example: go to the north entrance of the park and look under the third tree on your left. After going on this little quest, buyers have got 24 hours to confirm they have the goods and leave a review. And with business booming, Hydra has created a whole new profession for young Russians. They in turn get paid via the same anonymous means. Once they have hid 6, rubles worth of treasures, they can start earning. Galina was paid commission depending on the weight and type of drugs on each drop. But there were times she did 30 or At first she worked with hash, MDMA, and amphetamines, then almost exclusively with mephedrone, a drug that has become increasingly popular in Russia over the last decade. Take it home, re-pack it there. This is a very long and boring exercise, but I could decide how many drops of what weight I wanted to do and it was very convenient. Usually I would make 10 drops of one gram, 10 of two grams, and go lay them out, leaving the rest till next time. As soon as someone makes an order, they get the GPS coordinates. The second task of a dropper is taking a photo and writing a description and uploading the goods onto the shop site. Ten packages usually took her 30 minutes. But since then it has been updated and revised. The bible advises droppers to use encrypted phones so police cannot track previous drops and map-downloading tools to mark drops without having to go online. Unsurprisingly it tells grasshopper-level droppers to avoid drawing attention to themselves. It would be weird if someone sees an office manager crawling around the bushes. Bad places are near schools, cemeteries and police stations because they can draw unwanted attention , apartment block courtyards because the gates might be closed when the customer gets there , and even gutters unless packages are waterproofed. You can either go for a walk, looking for places to hide the stuff, making drops and taking photos as you go. The speed at which you do your job is not as important as efficiency. Lawyer Arseny Levinson runs the legal aid service Hand-Help. According to his analysis of Russian Ministry of Justice statistics, more than half of those convicted of drug trafficking in were years old and students. He says this is a lot to do with Hydra droppers. Yandex is a big online food order and delivery service in Russia. He decided to become a dropper after leaving the army and spotted the advert to be a kladman while buying drugs online. At one point he said he was doing 70 drops a day, using the money to fit out his apartment with brand new furniture. Namely adrenaline. That feeling when you balance all the time on the verge of being caught. Because of his love of forests and parks, he used those to bury his drug stashes at night when it was quiet. But all the evidence points to something of an online takeover. Shortis said Hydra is a more multifaceted and harder to contain beast than other online drug market sites. This means that whilst vendors in the West are often thought of as one person or a small group, vendors we see listed on Hydra are much more likely to be representative of a larger network of actors. Shortis said that Hydra is a lot more visible to police, but that does not make it easier to investigate. Petersburg delivering or collecting packages makes the Russian online drug trade much more visible than its western counterpart. This is very different from western cryptomarkets where the privacy of the delivery method mitigates public awareness of online drug markets. With every new shift in the criminal world comes a new bunch of parasites. For droppers who either get tracked by seekers as they make drops around town or whose hiding places are easily found by someone on the lookout for stashes, seekers can mean the sack. Seekers love the long Russian winters, when the snow reveals a myriad of hiding places across towns, cities, parks, and forests. Over the years the group has been accused of kidnapping addicts, chaining them up to make them go cold turkey, mob ties, and racism and xenophobia towards immigrants. But now CWD is refocusing its aim. Before when we were dealing with heroin, of course it was mainly gypsies and Tajiks, and every drug user was a seller as well. Now it can be Russians, anyone. A November police operation which netted nearly half a ton of various substances failed to catch even one store proprietor—just seven couriers. That brings us to another interesting question. Given what we know about Russian hackers and the Russian mafia , not to mention corruption within the DEA in the Silk Road case, could it be Hydra has friends in high places? But such cases are rare. We keep hearing cases about this, for example in Khakassia. After allegedly uncovering the scheme, year-old Yuri Zaitsev was himself charged with taking payoffs from drug dealers. When one of their dealers was caught, they personally intervened to have the charges dropped. For example, last July it was reported that two police chiefs were arrested for running an online drug ring in Moscow. And those are just a few such cases we know about. Russia now has more prisoners serving time for drugs than any other crime , a slot formerly occupied by murder. He got caught, as usual, by one stupid mistake: one day, he forgot to turn on the equivalent of a VPN or Tor on his laptop, so they traced his IP address and slapped handcuffs on him as he was boarding a flight to Kazakhstan. Still, quite enterprising for a year-old. There are two reasons Russia keeps spawning top cybercrooks like Misha. The first is that Russia has a lot of very smart, educated people. Russian universities produce great scientists, engineers, programmers, and mathematicians. The second is that the government actually uses hackers as privateers to do its bidding, which is why the same names pop up in cybercrime and national security investigations. Go, steal for Mother Russia! RAMP the Russian Anonymous Marketplace arrived on the scene in , building a platform where instead of messaging users back and forth you could simply browse the catalogue and press buy. Unlike the libertarian rhetoric bandied around on Silk Road, RAMP refused to support any agenda, knowing what happens to such outspoken parties in Russia. And unlike Silk Road, instead of taking commissions from each sale it charged every prospective drug merchant a flat tax for doing business on its platform. Hydra was born in as a merger of two smaller forums, Legal RC and Way Away, both specializing in synthetics. According to an investigation last year by Moscow-based online newspaper Lenta. Legal RC and Way Away were the last ones standing, and they had to stick together if they wanted to survive. But RAMP had major weaknesses from the outset. One, its refusal to commit to anything political extended to a ban on advertising. Hydra meanwhile had chemists working for its shops cooking up these novel substances, and a direct line to precursor suppliers in China, allowing it to corner the market in poorer areas where synthetics are more popular. Hydra struck back, shutting down the site with a string of DDoS attacks. A classic turf war broke out in cyberspace, except instead of car explosions and drive-bys it was a bunch of nerds hurling botnets at each other. One disloyal store was sold out to the feds as an example to others. Either way, with its main competitor out of the way, Hydra moved to consolidate its gains. It embarked on an aggressive publicity campaign, posting videos on YouTube, buying databases of phone numbers and spamming them with texts, and absorbing existing drug rings, inviting them to join the party. Hydra now has thousands of online drug bazaars catering to every corner of the Russian Federation, from Vladivostok in the Far East to the freshly-annexed Crimea. There are even a few branches and shops operating in Ukraine, Belarus, Kazakhstan and other former Soviet territories. Cocaine has been coming in through St. Petersburg, allegedly protected by powerful figures , since at least the 90s, although its high price has put it out of reach of most Russians. Meanwhile, a heroin pipeline was set up from the poppy fields of Afghanistan through the ex-Soviet republic of Tajikistan: kilos of heroin were hidden onboard military planes, then distributed through the Tajik diaspora. Now, the rise of new synthetic drugs and online drug markets such as Hydra has meant just about anyone can set up shop as a drug dealer. Three years ago Galina decided to progress from dropper to shop owner. But where do the shops get their supplies? Cathinones and other synthetics are now massive in Russia, and Hydra sells do-it-yourself spice and mephedrone making kits, along with the raw ingredients imported from China. The chemists find what they need through their own channels; I only allocate them funds. According to Galina, vendors on Hydra are more likely to collaborate than compete with each other. But people choose not only on the basis of price, but also take into account the convenience of drops, the reputation of the stores and their specific wares. Shops try to occupy their own specific niches. In Moscow for instance, there are quite a few shops that deal with cocaine and expensive mephedrone, and there are shops that basically only sell marijuana. Like any business, the shops have a division of labour: someone runs the stash house, someone does accounting, someone tends to the ganja plants, and so on. But the life of a dark web vendor is a busy one and she rarely gets to unwind. She now employs a team of six young couriers. This is the main problem when finding workers. You can teach anyone how to make good drops over time. I ask Galina about her life outside Hydra. She says she has very little free time. But of course I need to relax. I visit bars and cafes, watch TV shows and documentaries. Sometimes I go visit friends in another city. She may have little spare time, but at least Galina has managed to stay out of jail, unlike the droppers who make up some of the 19, people who were convicted for drug dealing in Russia in He loves writing poetry, music. It all began when Sergey wanted a new iPhone. Turns out Sergey was doing a little more than flunking biology class. On the 26th June he was picked up with two friends trying to make a drop. Dropmen are charged under article of the Russian criminal code drug trafficking and can get slapped with jail terms of up to 20 years, even for relatively small amounts. Sergey was first hit with a seven year sentence, then another court raised it to 13 years. His 18 year old friend also got 13 years and the third teenager, aged 17, got five years. Finally in January of this year, after nearly two years of appeals and taking her case to the media, Oxana and her family managed to bring it back down to six. Like in America, convicts are used for cheap manual labour. Overpacked cells and non-existent healthcare is a great way to catch tuberculosis. Torture is common. Oxana showed me a recent photo where Sergey looks skinny and pale. He works six days a week sewing backpacks. So much grief and tears! New recruits can always be found. In January the MVD announced that a special unit would be formed to fight online drug trafficking. Did taking out Pablo Escobar lead to a drug-free Colombia? Hell no. Could Hydra be the future of drug dealing? Customers must go out into a city or countryside and search for their purchase whilst avoiding raising the suspicions of the police or other members of the public. Some customers may also have to travel great distances just to find their delivery has been stolen by people who are savvy to where their local dropper is making deliveries, or that the police are actively patrolling the area where the drop has been made. While Hydra is very popular in Russia, it is rarely discussed in western cryptomarket forums. In the Middle Ages in Russia, ordinary people brought to despair went to the woods and became outlaws. Now, they are hiding on the dark web to become drug dealers. By Matthew Gault. By Trone Dowd. By Dipo Faloyin. By Tim Hume. Share: X Facebook Share Copied to clipboard. Videos by VICE. Tagged: Crime , dark web , drug-dealing , News , russia. Things Are Going to Get Weird.

A New Breed of Drug Dealer Has Turned Buying Drugs into a Treasure Hunt

Hydra buying hash

There has been a significant increase in digital transactions over the past year, particularly due to the COVID pandemic, which has forced people to rely heavily on online services. However, this increase in digital traffic has not gone unnoticed. Cybercriminals have seen it as an opportunity to target users. Recently, we came across several scenarios where cyber frauds target bank customers. We have covered one such incident in this report. Cyble researchers came across a phishing campaign targeting CommerzBank. Commerzbank Aktiengesellschaft is a major German bank that has global operations, headquartered in Frankfurt am Main. In the Twitter post, the researcher mentioned that Android malware is spreading through a page posing as the official CommerzBank page. It is also highlighted that the Threat Actor s TA has registered multiple domains on the same IP and the fake website is spreading malicious apps posing as CommerzBank app. Based on our analysis, we determined that the malware is a variant of Hydra, an Android Banking Bot initially found in early From our analysis, alongside standard banking trojan behavior such as creating an overlay for stealing credentials, Hydra has evolved. It now incorporates TeamViewer functionality, similar to S. Our research team also observed that there are HQwar Banking trojans posing as CommerzBank mobile apps. The Hydra malware shares the same icon and app name as the CommerzBank Mobile app as shown below. The fake app requests 21 different permissions, of which the TA abuses 10 permissions. The dangerous permissions are:. Accessibility Service is a background service running on the device to aid users with disabilities. For example, using Accessibility Service , malware authors can intercept the credentials entered on another app. Hydra can abuse this permission to lock the device, modify or reset the screen lock PIN, etc. Our investigation of the sample revealed that the APK file is missing some classes mentioned in the manifest shown in Figure 3. The malware uses a custom packer to evade signature-based detection. The fake app hides these classes inside a DEX file with the help of a custom packer. The fake app unpacks and loads the classes from the DEX file during the execution phase. The APK file is shown in the figure below. By reverse-engineering the sample, we decrypted and extracted the DEX file. This file contains all the missing classes, and upon inspection, we observed that these classes have malicious functionalities such as:. Figure 6 shows the code to collect phone numbers from the infected device contacts and send SMSs with the text provided by the TA. Upon starting the fake app, Hydra malware initially requests the user to enable Accessibility permission. Once this permission is enabled, the malware enables other permissions such as Device Admin permission, Contacts permission, etc. The malware also checks whether the execution environment is an emulator or an actual Android device using the checks shown in Figure 9. Cyble Research Labs evaded this anti-sandboxing technique during our analysis with the help of hooking techniques using Frida scripts. From our analysis, we observed that Hydra uses the TeamViewer functionality by abusing the Accessibility service. The malware can act as a TeamViewer app for the TA. The fake app casts the device screen using the Screencast APIs. The malware performs these activities based on the commands from the TA. In the latest version that we have analyzed, the TA behind this campaign has incorporated enhancements to the Hydra malware. Upon analysis, we observed that the malware is also posing as a CommerzBank mobile app, and we found that the fake app is a variant of HQwar malware. Recently, we have observed an increase in Android Banking Trojans being distributed through various campaigns. We have covered several such campaigns in our Cyble Research Lab blogs. This new variant of Hydra malware is the latest among the trojans spreading through phishing campaigns. We have also observed that the malware authors of Hydra are incorporating new technology to steal information and money from its victims. Alongside these features, the recent trojans have incorporated sophisticated features. Based on this pattern that we have observed, malware authors are constantly adding new features to the banking trojans to evade detection by security software and to entice cybercriminals to buy the malware. To protect themselves from these threats, users should only install applications from the official Google Play Store. We have listed some of the essential cybersecurity best practices that create the first line of control against attackers. We recommend that our readers follow the best practices given below:. Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www. Download Free E-Book Now. Subscribe now to keep reading and get access to the full archive. Type your email…. Continue reading. All , Fake App , Phishing. September 30, Threat Actors have registered multiple fake websites spreading malicious apps posing as the German CommerzBank. Figure 4: File in assets folder containing the encrypted DEX file. Figure 5: Code to collect contacts for upload. Figure 7: Initial Execution behavior of the malware. Figure 8: Device screenshot and code depicts that the malware hides the icon. Figure 9: Code used for emulator check. Figure Code to abuse accessibility service. Figure Code using Accessibility to perform TeamViewer activity. Get My Report. Share the Post:. Related Posts. Start typing and press enter to search Begin Search Discover more from Cyble Subscribe now to keep reading and get access to the full archive. Type your email… Subscribe. Scroll to Top. Loading Comments Email Name Website. We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.

Hydra buying hash