The FBI and Dutch police report the shutdown of the VerifTools marketplace, which specialized in creating fraudulent documents. Law enforcement seized the service’s servers located in Amsterdam.
VerifTools was a large platform that produced fake documents (such as driver’s licenses and passports) and also brokered their purchase. Such forgeries were typically used to bypass various identity verification systems and helped criminals impersonate other people (both real and fictitious).
Police note that such sites are often used in banking fraud schemes, in phishing, fake tech support scams, to illegally obtain government benefits, evade prosecution, and maintain anonymity on platforms that require users to undergo KYC verification.
It is reported that the FBI launched an investigation into VerifTools’ activities back in August 2022, after receiving information about “a conspiracy to use stolen personal information to gain access to cryptocurrency accounts.”
“The investigation found that VerifTools offered fake documents for all 50 U.S. states and a number of foreign countries for just $9, with payment in cryptocurrency,” reads a statement from law enforcement.
According to a report by the Dutch police, VerifTools’ estimated revenue amounted to at least €1.3 million. However, the FBI attributes about $6.4 million in illicit proceeds to VerifTools.
It was noted that getting a fake document on the platform was very easy: all it took was uploading a photo and entering false information. VerifTools used this data to generate an image of a fake ID.
In total, during the law enforcement operation, two physical and 21 virtual servers were seized. However, the administrators of VerifTools have not yet been identified, and authorities hope that examining the seized data will ultimately lead to their arrest.
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.02.23 — New JavaScript obfuscation technique uses invisible Unicode characters
According to Juniper Threat Labs , a new JavaScript obfuscation technique that uses invisible Unicode characters was used in a phishing attack targeting Political Action…
Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer
Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…
Full article →
2025.04.01 — Hackers abuse MU plugins to inject malicious payloads to WordPress
According to Sucuri, hackers store malicious code in the MU-plugins (Must-Use Plugins) directory in WordPress and execute it while remaining undetected. The technique was first discovered…
Full article →
2025.03.20 — 8,000 vulnerabilities identified in WordPress ecosystem in 2024
According to Patchstack, world's #1 WordPress vulnerability intelligence provider, 7,966 new vulnerabilities were identified in the WordPress ecosystem in 2024; most of these bugs affected plugins…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack
Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →