The ongoing COVID-19 pandemic has had a profound impact on the payments ecosystem threat landscape throughout 2020 and into 2021. With online shopping surging to record levels, digital skimming attacks have become a top threat for the payments ecosystem.
A simple digital skimming attack involves injecting malicious code into a merchant’s site to harvest payment card details from the site’s checkout page. In the past year, however, both the injection process and the skimmer code have evolved considerably. To add to the trouble, a new threat actor has recently emerged with new tricks up its sleeve.
The Discovery of MobileInter
In May, researchers discovered a new skimmer called MobileInter that focused exclusively on mobile users.
- Researchers reported that this new customized malware is proof that Magecart operators are looking for opportunities to spread their attacks to a wider range of victims.
- Upon being executed on a user’s mobile phone, the malware performs various checks to ensure that it is skimming a transaction made on a mobile device.
The Twist
A month later, researchers reported new details related to the MobileInter skimmer.
- They identified several websites, services, and social media accounts connected to an authentication activity known as bit2check, a part of the card-skimming network.
- Some bit2check domains shared the same hosting pattern as Magecart domains used for abusing Alibaba and Google hosting services. Moreover, these domains were promoted via Telegram channels such as ‘realcvvshoplv’.
- Upon further analysis, researchers found that the individual behind bit2check is a Kurdish actor called Hama.
- The threat actor was discovered to have a network of other websites, including credit card validators and stolen credit card data businesses.
According to researchers, bit2check is just another cog in the huge card-skimming industry, catering to skimmers looking to authenticate their loot or buy more stolen data.
With a new dimension added to the ever-expanding skimming threat landscape, it has become more important than ever for retailers to strengthen their cybersecurity. Skimming dangers lurking within websites and applications can be exposed with the correct security measures in place.