Ransomware victim disclosure
← All victimsDUC App
listed as DUC App: Global Money Movement, Simplified · Claimed by Killsecurity · listed 11 months ago
Status timeline
- ListedAug 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Aug 20, 2025
About the victim
AI dossier — public-source company profileDUC App (ducapp.com) is a financial technology platform offering global money movement services including person-to-person transfers, phone top-ups, gift cards, email payments, and currency exchange. It supports a wide range of payment methods (Visa, Mastercard, Apple Pay, SEPA, Interac, etc.) and provides API integrations for e-commerce platforms such as WooCommerce and Odoo. The service appears to have roots in remittances to Cuba (formerly operating as 'Duales') and serves customers across multiple countries and languages.
- Industry
- Fintech / International Money Transfer
Attack summary
Severity: high — DUC App is a fintech/payments platform handling international money transfers and multiple payment methods; a data publication by a ransomware group implies exfiltration of potentially sensitive financial and personal data affecting users across multiple countries, warranting a high severity rating even in the absence of explicit proof details.Killsecurity claims to have compromised DUC App and has published data (disclosed status: data_published); however, the leak post itself contains no details on the nature of the attack, whether encryption or exfiltration occurred, or what specific data was obtained.
Data the group says was taken
AI dossier — extracted from the leak post- Potentially user financial transaction records
- Potentially customer PII (names, contact details)
- Potentially payment method data
- Potentially API credentials or integration keys
What the group claims
N/A
Sources
- Victim siteducapp.com
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

