HOMETHREATSTOXCAR CYBER TEAM
APT / THREAT GROUP💰 FINANCIALHIGH

TOXCAR CYBER TEAM

1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

The Toxcar Cyber Team has claimed responsibility for a data leak involving Mastercard, asserting that the attack targeted the U.S. site and providing screenshots as purported evidence. They have also been linked to the sale of an undetectable ransomware designed to bypass major antivirus software. Additionally, the group has shared the source code of Elusive Stealer, a data theft malware. Their activities highlight a focus on data breaches and malware distribution within the cyber threat landscape.

Threat Analysis

TOXCAR CYBER TEAM is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like TOXCAR CYBER TEAM prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

With high sophistication, TOXCAR CYBER TEAM is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Sophisticationhigh
Aliases1
SourceMalpedia

Also Known As

TOXCAR CYBER TEAM

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.