Underground sellers-fraud-oriented sellers alliance reshapes ransomware ecosystem operations
Threat Actor Meta
Summary
Hide ▲
Show ▼
A growing underground market for premium AI platform access is turning ChatGPT, Claude, Microsoft Copilot, and Perplexity access into a tradable black-market commodity. The shift matters because ready-made accounts, subscriptions, and API access can help fraud actors scale phishing, scam scripts, and other AI-assisted abuse. Listings in fraud-oriented online communities suggest the ecosystem is broadening beyond isolated account misuse into repeated resale and redistribution.
Related Happenings
Loyalty-fraud underground resale market for airline and hotel accounts
Threat Actor Meta
First: 12.03.2026 16:05
Last: 12.03.2026 16:05
Sources 1
About this happening:
A **loyalty-fraud underground market** is turning compromised airline and hotel accounts into inventory, expanding the resale of miles and bookings across fraud-focused chat group...
Loyalty-fraud underground resale market for airline and hotel accounts
Threat Actor MetaAbout this happening: A **loyalty-fraud underground market** is turning compromised airline and hotel accounts into inventory, expanding the resale of miles and bookings across fraud-focused chat group...
Npm registry spear-phishing campaign targeting sales personnel
Campaign
First: 29.12.2025 11:44
Last: 29.12.2025 11:44
Sources 1
About this happening:
**Unknown threat actors** ran a **five-month** spear-phishing campaign that abused **27 npm packages** as browser-hosting infrastructure, turning a software registry into a resili...
Npm registry spear-phishing campaign targeting sales personnel
CampaignAbout this happening: **Unknown threat actors** ran a **five-month** spear-phishing campaign that abused **27 npm packages** as browser-hosting infrastructure, turning a software registry into a resili...
Salesloft hit by network compromise
Incident
First: 13.09.2025 12:04
Last: 13.09.2025 12:04
Sources 1
About this happening:
**Salesloft/Drift** is a **token abuse incident** tied to a **GitHub account breach** at Salesloft that began as early as **March 2025** and led to compromise of the **Drift appli...
Salesloft hit by network compromise
IncidentAbout this happening: **Salesloft/Drift** is a **token abuse incident** tied to a **GitHub account breach** at Salesloft that began as early as **March 2025** and led to compromise of the **Drift appli...
Timeline
-
25.03.2026 16:02 2 articles · 2mo ago
Growing premium AI access resale market in fraud communities
Campaign Scope UpdateHundreds of posts in fraud-oriented online communities advertise premium AI platform access as resale-style listings, including ChatGPT Plus and Pro subscriptions, Claude Pro access, Microsoft Copilot bundled with Office 365 accounts, Perplexity AI Pro, and API-related offerings. The listings promote discounted subscriptions, bundled access, shared or resold subscriptions, and claims such as “premium access,” “no limits,” and “full API access,” indicating a recurring underground market for reused accounts and programmatic access.
Show sources
- Paid AI Accounts Are Now a Hot Underground Commodity — www.bleepingcomputer.com — 25.03.2026 16:02
- Paid AI Accounts Are Now a Hot Underground Commodity — www.bleepingcomputer.com — 25.03.2026 16:02