Tag Archive for: credit

Hacking Tools, Stolen Credit Cards Advertised on Facebook Groups


(Bloomberg) — One user offered hacking services, both ethical and not. Another claimed to be able to change school grades. And several others peddled stolen credit cards and IDs.

Such illegal products and services have long been offered on the dark web, a murky section of the internet that’s populated with illicit forums. But these offers were being made on Facebook, despite repeated efforts by the social media giant to curb illegal behavior on its site.

A Bloomberg News analysis found more than 45 groups and pages — with more than 1 million combined members — where the spoils of cyber crimes and the tools needed to carry them out were offered for sale. Some of the sites were revealed by Facebook’s own discovery mechanism, which recommends groups based on those who have already joined, but Bloomberg discovered others through keyword searches and referrals from other groups. 

Among the most common were hacking-for-hire services, with 11 of the groups and pages specifically dedicated to facilitating the practice, including three with more than 100,000 members. Those groups averaged between 12,000 and 18,000 posts per month, according to data from the Facebook-owned analytics platform CrowdTangle. One tool, listed on a group called Hacker Hub, promises to deliver credentials for popular social media sites and victims’ financial information. 

Alexander Leslie, a researcher at the threat intelligence firm Recorded Future Inc., said the volume of illicit offers on Facebook “way, way overshadows what we see on the dark web in other forums that deal with similar content.”

While hardly definitive given Facebook’s massive size, the Bloomberg analysis indicates the social media platform’s efforts to stop illicit behavior haven’t kept pace. The company now known as Meta Platforms Inc. removed the content in question when reached by Bloomberg News. 

“We take significant steps to stop criminal activity on our platforms and have removed this content,” a spokesperson said via email. “We invest heavily in technology to tackle illegal content and we encourage people to report activity like this to us and the police, so we can take action.”

Since its earliest…


Emotet Malware Gang Targets Chrome-based Credit Card Data


Beware!

The Emotet malware gang, the criminals behind the Emotet botnet, is now targeting Chrome-based credit card information. According to BleepingComputer, Emotet is using a credit card stealer module to steal credit card information that is available in the Google Chrome browser.

The gang became famous for its banking trojan. It then evolved into spamming and malware delivery.


Emotet Malware Gang is Back

Researchers with cybersecurity vendor Proofpoint’s Threat Insight team stated that once the user’s credit card data is exfiltrated, the malware sends it to command-and-control (C2) servers. These are not the same as the one the card stealer module uses.

The targeting of credit card data showcased Emotet’s return. In January 2021, Europol, together with law enforcement from countries such as the United States, the UK and Ukraine, wiped out Emotet’s infrastructure. With this, the agencies hoped they had put the malware threat to rest.

However, starting in November 2021, threat intelligence groups reported indications that Emotet had returned. The gang is “attributed to the TA542 threat group, also known as Mummy Spider and Gold Crestwood,” according to The Register.

“The notorious botnet Emotet is back, and we can expect that new tricks and evasion techniques will be implemented in the malware as the operation progresses, perhaps even returning to being a significant global threat,” Ron Ben Yizhak, security researcher with cybersecurity vendor Deep Instinct, wrote in a blog post in November, as cited by The Register.

It didn’t take long for Emotet to return to its criminal activities. In April 2022, Emotet was the top global malware threat, according to cybersecurity firm Check Point. It had already affected six percent of companies worldwide.

The group’s resurgence was also spotted by security software vendor Kaspersky in April. Kaspersky observed “a significant spike in a malicious email campaign designed to spread the Emotet and Qbot malware.” In fact, from 3,000 emails in the campaign in February, it jumped to about 30,000 a month…


Caramel credit card stealing service is growing in popularity



A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud.

Credit card skimmers are malicious scripts that are injected into hacked e-commerce websites that quietly wait for customers to make a purchase on the site.

Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors.

Threat actors then use these cards to make their own online purchases or sell the credit card details on dark web marketplaces to other threat actors for as little as a few dollars.

The Caramel skimmer-as-a-service 

The new service was discovered by Domain Tools, which states that the platform is operated by a Russian cybercrime organization named “CaramelCorp.” 

This service supplies subscribers with a skimmer script, deployment instructions, and a campaign management panel, which is everything a threat actor needs to launch their own credit card stealing campaign.

The Caramel service sells only to Russian-speaking threat actors, using an initial vetting process that excludes those who use machine translation or are inexperienced in this field.

A lifetime subscription costs $2,000, which is not cheap for budding threat actors, but promises Russian-speaking hackers full customer support, code upgrades, and evolving anti-detection measures.

Caramel skimmer deployed on a Nigerian site (Domain Tools)

The sellers make unverified claims that Caramel can bypass protection services from Cloudflare, Akamai, Incapsula, and others.

The buyers are provided with a “quick start” guide on JavaScript methods that work particularly well in specific CMS (content management systems).

As the credit card skimming scripts are written in JavaScript, Caramel offers subscribers a variety of obfuscation techniques to prevent them from being easily detected.

The Caramel JS obfuscator tool (Domain Tools)

The credit card data collection is done through the “setInterval()” method, which exfiltrates data between fixed periods. While this doesn’t seem like an effective method, it can help steal details of even abandoned…


Right time, right place: opportunities for banks and credit unions with Buy Now, Pay Later


Since the birth of currency, the use of credit has been essential to empowering consumers to obtain goods and services immediately while delaying their financial obligation to pay that debt back.

In the mid-20th century, with the advent of national and global payment card brands, more consumers could access greater lines of credit more quickly and spend on those balances in more places. Today, the connectivity of consumers, via mobile devices, has enabled the meteoric growth of Buy Now, Pay Later (BNPL) as one of the fastest growing methods for payment at checkouts online and in store.

Consumers have numerous options when it comes to selecting a BNPL service provider. Many of the largest banks offer BNPL-style payment methods, as well as American Express, PayPal, and Apple. There are also quite a few pure players to choose from, including the likes of Klarna, Affirm, and Afterpay.

Essentially, these services are offering zero-percent interest, short-term loans to their customers with an installments-based payback period of several weeks or months. Typically, the BNPL provider will charge a service fee to the merchant, and late fees and/or interest for late payment. Offering this type of payment method gives merchants the ability to offer a low-friction, delayed payback option to people who may or may not have a credit card, which can grow ticket value and volumes.

BNPL payment methods are most common when purchasing big ticket items; however, as more and more e-commerce and retail stores onboard BNPL providers and capabilities, the transaction volume will continue to broaden. It’s possible that the dramatic growth of BNPL as a payment method is in part driven by how the types of products consumers purchased through the pandemic shifted to categories more apt for a short-term lending contract — home goods (furniture, air purifiers, appliances) and home office items (laptops, desks, monitors). With more money being spent online, where BNPL found the earliest traction, the number of consumers the providers were able to serve grew. Conversely, credit cards may have suffered disproportionately given travel, dining, and big events were severely curtailed.

All of this is to say,…
