A little about CC shops. Today, CC shops are a huge dump of shit, among which you can find your working cards. Even the word "private shop" is just marketing. If you are a beginner and you do not have your own developed bins, then roulette awaits you. You will play in the casino until you drain all your money, and then you will whine that the theme does not work. The main ways to mine CC.
Method 1. A website is created, for example, some kind of online store. A payment merchant is linked to the site. Then a program code is purchased, which is called SNIFFER. The sniffer is sewn into the site. Then traffic is poured and profit is received.
What does SNIFFER do? Copies the victim's entered information and sends this data to your server.
Method 2. Access to someone else's site is purchased. It's called SHELL. The site already has some stable traffic.
The price of the shell depends on the quality. If the site has a good flow of customers, then the price will be appropriate. Then a sniffer is embedded in this site and the entered cardholder data flies to you on the specified server.
Method 3. Calling using phishing. There are entire call centers on this topic. Most often, they look for drops in other countries by linking a card to a Google Pay or Apple Pay phone. And with a further trip to the store, they will fill the balance through an ATM with the NFC function, contactless payment, but only if it is possible to find out the PIN.
Method 4. Keylogger. They infect a PC with some kind of stealer or other virus and throw Keylogger there along with it. This is a thing that records all your keyboard inputs, mouse movements and clicks, date and time, and can also take screenshots and record the screen, as well as copy data from the clipboard.
What does the extraction of the first two methods consist of:
1. Sniffer, to obtain the entered information.
2. Hosting, the entered information flies to your server.
3. Shell, to gain access to an already finished site.
4. Merchant, links the payment to his site.
5. Traffic, customer flow. Where to get traffic is a separate topic. At first glance, everything sounds simple, but as everywhere, this requires more detailed elaboration.
For all this, you need a clear plan, the right contacts, a budget, which not everyone has, and, of course, security, which must be present at the very first stages of activity. That's all. Tools also available. Good luck and profit to all!
