A threat actor using the handle markopollo is auctioning unauthorized CMS administrator access to an unidentified New Zealand e-commerce store on the Exploit forum. The listing claims admin-level CMS access and a deployed payment redirection intercepting Afterpay, internet banking, and credit card payments, with 4,400 total orders (Oct 1, 2025–Jan 27, 2026) and auction terms starting at $1,500 USD and a $5,000 USD blitz price. #markopollo #Afterpay
Keypoints
- Threat actor “markopollo” is auctioning unauthorized CMS admin access to an unidentified New Zealand online shop on the Exploit forum.
- The listing advertises a “CMS recorder” and admin-level privileges to the store’s content management system.
- The seller claims the store processed 4,400 orders from Oct 1, 2025 to Jan 27, 2026, including 800+ orders in January 2026.
- A payment redirection mechanism is reportedly intercepting Afterpay, internet banking, and credit card transactions on the compromised site.
- The auction starts at $1,500 USD with $250 increments, a $5,000 USD blitz price, a 12-hour post-bid duration, and Guarantor+ escrow protection.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!