Thursday, December 19, 2024
Homecyber securityAlert! Hackers Running Thousands of Fake Webshops : 850,000+ Cards Stolen

Alert! Hackers Running Thousands of Fake Webshops : 850,000+ Cards Stolen

Published on

SIEM as a Service

A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites.

Security researchers estimate that since 2021, the hackers have processed over 1 million fake orders totaling more than $50 million.

Document

Free Webinar : Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise:

- Advertisement - SIEM as a Service

Key Takeaways:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Start protecting your APIs from hackers

Most fraud victims are from Western Europe and the USA
Most fraud victims are from Western Europe and the USA

According to the SRLabs report, the criminal group lures victims to bogus online stores, frequently using expired domains that previously had good Google rankings.

The fake shops, primarily offering name-brand shoes and clothing at steep discounts, harvest customers’ payment information through spoofed checkout pages.

Sometimes, hackers also charge fraudulent amounts to stolen cards.

“When ordering online, a deal that sounds too good probably is,” cautioned a spokesperson for the security research team that uncovered the BogusBazaar operation.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Services like Fakeshop Finder can help consumers verify the legitimacy of unfamiliar e-commerce sites.

Fraud-as-a-Courtesy: How the Cybercrime Ring Operates

Rather than directly running all 75,000+ fake stores, BogusBazaar functions like a criminal “franchise”:

  • A core team manages the technical infrastructure, including deploying ready-made fake shops using customized WordPress and WooCommerce plugins
  • A decentralized network of “affiliates”, believed to be primarily based in China, handles the day-to-day operations of the bogus stores.

This separation of responsibilities makes the fraud ring more resilient to disruption by law enforcement.

Fake web shops are set up semi-automatically using WordPress.
Fake web shops are set up semi-automatically using WordPress.

Uncovering the Hackers’ Infrastructure

The security researchers found that each BogusBazaar server typically hosts around 200 fake shops.

The stores’ public-facing presences are protected behind Cloudflare, while payments are processed through gateways like PayPal and Stripe.

Over time, the criminals have developed sophisticated automation to rapidly set up new storefronts and swap out payment pages to evade detection and takedowns.

This technical agility has allowed the fraud network to operate unimpeded for years.”

Our insights will enable infrastructure providers, payment companies, and search engines to identify and prevent this kind of large-scale abuse in the future,” said the research team lead.

Findings have been shared with relevant authorities, and some BogusBazaar shops are already offline.

 Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure

In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada,...

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows...

CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency...

Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely

Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure

In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada,...

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows...

CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency...