Security News

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.

The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control servers. "Telegram is a popular and legitimate instant messaging service that provides end-to-end encryption, [and] a number of cybercriminals abuse it for their daily communications but also for automated tasks found in malware." He added, "The novelty [here] is the presence of the Telegram code to exfiltrate the stolen data."

"The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection," researchers with Recorded Future told Threatpost, on Thursday. One such Russian-speaking threat actor currently making waves is called "Billar," which created and is the sole designer of a payment card sniffer called "Mr.SNIFFA." This sniffer was first debuted on Exploit Forum on Dec. 3, 2019, and is currently being advertised for about $3,000.

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. Called an internationalized domain name homograph attack, the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file.

McCoy's work in probing the credit card systems used by some of the world's biggest purveyors of junk email greatly enriched the data that informed my 2014 book Spam Nation, and I wanted to make sure he and his colleagues had a crack at the BriansClub data as well. In 2015, the major credit card associations instituted new rules that made it riskier and potentially more expensive for U.S. merchants to continue allowing customers to swipe the stripe instead of dip the chip.

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file and surreptitiously loaded by compromised online stores," Malwarebytes researchers said last week.

A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud-one count of access device fraud and one count of conspiracy to commit access device fraud, identity theft, computer intrusions, wire fraud, and money laundering.

A cybercriminal responsible for running a "Carding" website on the Dark Web is going to federal prison for nine years for selling stolen consumer payment information. Aleksei Burkov, a Russian national, was the operator of a website called "Cardplanet" that sold hundreds of thousands of debit- and credit-card numbers that had been hacked - mostly from U.S. citizens.

Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security.