No one likes spam. And it turns out, cybercriminals have to put up with annoying automated messages for all sorts of dodgy goods too.
“WE ARE FIRST HAND SELLERS!” cried one piece of spam sent over XMPP, a chat protocol commonly used by dark web drug dealers, hackers, and, it seems, spammers. (In this case, the message was from a vendor selling stolen credit card data.) “WE DON’T RESELL SOMEBODY STUFF LIKE MANY OTHERS DO, THAT IS WHY WE CAN HAVE LOWER PRICES THAN OTHERS HAVE! WE HAVE ONE RULE: OUR CUSTOMER IS OUR BOSS!”
Over the past few months, I’ve received a steady uptick in these sorts of messages whenever I log in to my messaging program. That doesn’t necessarily mean that these spammers have just started pushing out their messages en masse; probably my XMPP handle was just picked up by more dealers and added to their list of potential customers, for whatever reason.
Other messages advertise a Russian-speaking website that claims to sell a wide range of esoteric drugs, such as 2C-B and 2C-I, and more traditional narcotics like methamphetamine or cocaine. One of the messages advertises cannabis, allegedly for medicinal reasons.
“It’s time to undergo treatment,” the message reads, according to a Google translation. More spam relates to a Russian Tor hidden service allegedly selling MDMA and LSD.
In my experience, most of the messages advertised drugs. But one advert included a video of a for-sale botnet in action, along with the supposed owner’s XMPP address.
“BEST PRICES ON MARKET—STARTING 8$ on WORLDWIDE!” writes the spammer selling stolen credit card data.
Some of the XMPP accounts appear to have been created specifically for spamming people, with usernames such as “xxsend.”
Of course, XMPP spam is not a new phenomenon. In 2015, XMPP users noticed a wave of spam and were looking for ways to stop it, and last month, someone on the Cisco support forum complained about unsolicited XMPP messages. A quick script for sending out XMPP spam is also available on GitHub.
Thankfully, one Russian-speaking seller even lets those annoyed by the constant spamming remove themselves from the mailing list altogether. Recipients apparently just need to reply to the dealer with the words “stopspam.”