February 7, 2024

Not Just Malware - The Drug Trafficker Takedown

Once upon a time at Monarx, a place where we're always on the lookout for digital mischief, we stumbled upon something unexpected. It was a regular Friday when we noticed something odd about an Israeli tech domain. At first glance, it was a stock WordPress blog site, but there was more than met the eye. Hidden within, we uncovered a dark secret: this site was a front for an illegal drug trafficking ring.

This wasn't just any operation. These traffickers were clever, using bots to post their advertisements across various Discord channels, each dedicated to a different type of drug. They had rules, too. Each merchant could only post one product ad per hour in each channel, ensuring a wide variety of drugs from around the world were showcased. Their ads were detailed, offering lists of products with prices, quantities, photos and even videos. They promised quick delivery in Tel Aviv or free shipping across Jerusalem, all while boasting about their exceptional service and product quality.

But how did they manage their business? Through Telegram. They arranged orders and deliveries, accepting digital payments in cryptocurrencies like Bitcoin and Ethereum, or cash on delivery, with a preference for USDT but also taking the New Israeli Shekel.

The twist in our story came when the domain owner, a bold cybercriminal, reached out to their hosting provider. They complained that our malware scanner was removing their Telegram bot files and asked to have them whitelisted. It's ironic how cybercriminals, in their efforts to keep their illegal activities hidden, can sometimes reveal themselves by trying to fight against the very measures designed to stop them.

In the end, our discovery at Monarx wasn't just about finding malware. It’s a tale of uncovering a sophisticated drug trafficking network, hidden in plain sight, and the lengths to which cybercriminals will go to keep their illegal enterprises up and running.