Threat Watch

Magecart Attack Compromises Mobile Provider

The Magecart group Fullz House has injected a credit card stealer into the website of a mobile service provider. Magecart is the umbrella term for cybercrime groups that use malware and other malicious scripts to steal credit card information from any website where card information can be entered. This most recent attack targeted users of the US Mobile Virtual Network Operator (MVNO) BOOM! Mobile. The group used a card skimmer on the BOOM! website to exfiltrate card data entered on the site. A single line of code disguised as a Google Analytics script loads an external JavaScript library to steal the card data. Malwarebytes identified the attacks but did not discover the exact way the group infiltrated the website. Email attacks were also seen in conjunction with the skimming code. As previously reported by researchers at RiskIQ, Fullz House is known to use skimmers and phishing emails to steal both credit card data entered into websites and data provided to the threat actor via phishing email.
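For site operators, one way to catch a script that poses as Google Analytics but loads from somewhere else is to audit every script URL on a payment page against an approved-host list. The following is an added example, not code from the original report or from Malwarebytes; the allowlist, the `.example` hostnames, the sample HTML and the keyword heuristic are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: hosts this site has approved for script loading.
ALLOWED_HOSTS = {"shop.example", "www.google-analytics.com", "www.googletagmanager.com"}
# Assumption: keywords that make an unapproved URL look like an analytics tag.
BRAND_HINT = re.compile(r"google|analytics|gtag", re.I)
URL_RE = re.compile(r"""https?://[^\s'"<>)]+""")

# Constructed sample page; every hostname below is a placeholder.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="//google-analytics.skimmer.example/ga.js"></script>
<script>var s=document.createElement('script');s.src='https://cdn.widgets.example/w.js';document.head.appendChild(s);</script>
</head></html>"""

class ScriptCollector(HTMLParser):
    """Collects script src attributes and absolute URLs inside inline scripts."""
    def __init__(self):
        super().__init__()
        self.urls = []            # (origin, url) pairs
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.urls.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:       # inline loaders that name a remote URL
            self.urls.extend(("inline", u) for u in URL_RE.findall(data))

def audit_scripts(html, page_host):
    """Return (origin, host, reason) for each script URL on an unapproved host."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for origin, url in collector.urls:
        # Relative URLs have no hostname and resolve to the page's own host.
        host = urlparse(url, scheme="https").hostname or page_host
        if host not in ALLOWED_HOSTS:
            reason = "lookalike-analytics-host" if BRAND_HINT.search(url) else "unapproved-host"
            findings.append((origin, host, reason))
    return findings
```

A static scan like this will not see URLs that are encoded or assembled at runtime; a Content-Security-Policy `script-src` allowlist enforces the same rule in the browser.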

ANALYST NOTES

Magecart attacks saw a spike in the early months of 2020 because of the increase in online shopping due to COVID-19. Attacks from various Magecart groups were seen throughout 2020 up to this point and will continue as online shopping continues to grow and people move towards using websites and applications to pay for various services. To prevent fraudulent charges by Magecart or any other credit card thieves, consumers should sign up for one-time use credit cards, which can be purchased through verified services or some banks. These services allow the consumer to purchase a pre-loaded credit card that can only be used once, or one that can be used multiple times but has a balance of zero until money is added to it. By keeping the balance at zero, if the card were to be compromised, an attacker would not be able to purchase anything with the number. One-time use cards provide the buyer with a credit card number that expires after the purchase. Though these cards may seem like a hassle for many, they do not take that much time to register for and will relieve consumers of the stress that could be caused by having a card compromised. With the biggest shopping day(s) of the year rapidly approaching, and the threat from COVID-19 still looming, many will use online shopping during the holiday shopping season, leaving a huge market for card-stealing cybercriminals.

More can be read here: https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/