Security News
Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "Represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.
Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. In a new data breach notification issued yesterday, iOttie says they discovered on June 13th that its online store was compromised between April 12th, 2023, and June 2nd with malicious scripts.
The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday. Out of 29 million compromised accounts found on sale on the dark web, over 12 million featured top level domains related to India.
A new Magecart credit card stealing campaign hijacks legitimate sites to act as "Makeshift" command and control servers to inject and hide the skimmers on targeted eCommerce sites. A Magecart attack is when hackers breach online stores to inject malicious scripts that steal customers' credit cards and personal information during checkout.
The U.S. Department of Justice announced today the indictment of Russian citizen Denis Gennadievich Kulkov, suspected of running a stolen credit card checking operation that generated tens of millions in revenue. Kulkov is believed to have created the Try2Check underground service in 2005, a platform that soon became highly popular among cybercriminals in the illegal credit card trade and helped the suspect make at least $18 million in bitcoin.
Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. These payment forms are shown as a modal, HTML content overlayed on top of the main webpage, allowing the user to interact with login forms or notification content without leaving the page.
A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. To evade detection, the threat actors are now injecting malicious scripts directly into the site's payment gateway modules used to process credit card payments on checkout.
A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. According to Cyble researchers who first spotted it, the leaked information is extensive, with details on "At least 740,858 credit cards, 811,676 debit cards, and 293 charge cards."
New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.
A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased on dark web cybercrime marketplaces. According to the indictment shared in the U.S. Department of Justice announcement, Osagie purchased thousands of credit and debit card data from dark web markets.