Credit Card Skimmer

Hundreds of online web stores that sell counterfeit goods are affected by credit card skimmer that aimed to steal the customer credit card details.

Several counterfeit online shoe stores offer great deals for the popular brands, most of them are a fraud and these fraud stores attract another fraudulent activity now.

Credit Card Skimmer Injected on Online Shoe Stores

Malwarebytes identified a number of fraudulent sites that selling branded shoes that are infected with the credit card skimmers.

These skimmers get injected with the checkout page of the stores and they are capable of grabbing a credit card and personal details entered in the checkout pages of the website. The injected skimmers collect the details from the checkout pages and sent them to the attacker-controlled websites.

Credit Card Skimmer
Skimmer Code

The fraudulent sites receive traffic from forums and through social media, “Crooks troll sporting and fitness forums and leave messages to entice users to visit the fake store.”

Here you can find some of the counterfeit site ads that selling popular brand stores such as Adidas, Nike, and other big brand name sneakers.

The obfuscated skimmer found to be injected with several Magento stores and the stolen data including billing addresses and credit card numbers is sent to a server hosted in China 103[.]139[.]113[.]34.

Credit Card Skimmer
Botnet IPs used to Compromise Websites

All the websites compromised are exploited using the same outdated software Magento under 1.9.4.2 and PHP under 5.6.40. “It’s likely a malicious scanner simply crawled those IP ranges and used the same vulnerability to compromise every one of those counterfeit sites.”

It is always recommended to buy the tickets from the official website, venue’s box office, reputable ticketing website or through official agent or partner.

Beware of the Fake apps and websites that promise you to get additional discounts, these bogus apps may enter into official play store also, be careful while installing those apps.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Leave a Reply