Security News
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info, the malware will send it to command-and-control servers different than the ones the Emotet card stealer module.
Two two American gun shops, Rainier Arms and Numrich Gun Parts, that operate e-commerce sites have disclosed data breaches resulting from card skimmer infections on their sites. Credit card skimmers are malicious JavaScript code either embedded on the sites or fetched from a remote resource by a seemingly innocuous element, such as a favicon.
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. Skimming gangs obfuscate their code snippets, inject them into image files, and masquerade them as popular web applications to evade detection.
A new FLASH report from the FBI warns about cyber actors scraping credit card data from compromised online checkout pages from US businesses. According to the FBI, a US business was targeted in September 2020 by an unidentified threat actor, who inserted malicious PHP code into the checkout page of the targeted company website.
The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites. Php in an attempt to inject malicious code into the checkout.
Google on Wednesday took to its annual developer conference to announce a host of privacy and security updates, including support for virtual credit cards on Android and Chrome. "When you use autofill to enter your payment details at checkout, virtual cards will add an additional layer of security by replacing your actual card number with a distinct, virtual number," Google's Jen Fitzpatrick said in a statement.
Credit card skimming is a technique that consists of using malicious code installed on compromised merchant websites to steal credit card information sent by the website's customers when they complete online payments. Once the attacker has access to the website's content, they need to add malicious code to steal the credit card information provided by the unsuspecting customers.
A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors.
The Ukrainian cyberpolice have arrested a group of phishing actors who managed to steal payment card data from at least 70,000 people after luring them to fake mobile service top up sites. According to the announcement from law enforcement, the actors used the stolen information to empty their victims' bank accounts.
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits was serving a credit card skimmer on its live site, likely after getting hacked. With its presence across the U.S. and Canada, Element Vape sells e-cigarettes, vaping devices, e-liquids, and CBD products in both retail outlets and on their online store.