Security News > 2020 > September > Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control servers.
"Telegram is a popular and legitimate instant messaging service that provides end-to-end encryption, [and] a number of cybercriminals abuse it for their daily communications but also for automated tasks found in malware." He added, "The novelty [here] is the presence of the Telegram code to exfiltrate the stolen data."
The skimmer's author also encoded the bot ID and channel as well as the Telegram API request with simple Base64 encoding, Segura said.
Attackers have used Telegram to exfiltrate data before, though the mechanism remains a rarity.
Last September, a freshly discovered commercial spyware dubbed the "Masad Clipper and Stealer" was found using Telegram bots as its C2 mechanism.
News URL
https://threatpost.com/magecart-credit-card-skimmer-telegram-c2-channel/158851/