A more hideous and stealthily scheme has been unraveled by cybersecurity experts involving the Magecart blackhat group activity. Known to be adept with stealing financial information through compromised e-businesses companies, Magecart is now using messaging apps such as Telegram Messenger to deliver stolen credit card information to their devices and then will be sold to the black market.
According to the analysis report, Magecart threat actors exploit the Telegram Messenger app to deliver to them the victim’s card information. Adversaries will initiate the attack by injecting malicious codes into the targeted online business company. Once the victim clicks on the page to process his payment, the malicious code will run and capture the details entered by the victim. The information will then be sent via Telegram, real-time to the hacker. They will be used to purchase goods on the black market at ease without taking additional time to decrypt stolen data like on their previous scheming from a controlled server.
Since most e-business companies are built with a security defender to block images captured be transferred to unknown locations as a result of previous attacks, this move of sending stolen information through a messaging app is an ingenuine approach due to the legitimacy of the app. With the new scheme of form jacking, any defender is not yet equipped to halt this modus, and attackers will be enjoying this for some time.
A further advantage of these adversaries is they no longer need to work on additional codes for the delivery of the stolen data, and exposing controlled domain be shut down as this is now being placed by Telegram.
Cybersecurity experts may mitigate to deny service to the Telegram app. Still, they will take time before this can be done to all possible messaging apps that are being exploited that the adversaries may use spontaneously due to different apps coding patterns.
This only shows that adversaries always find a way to their hideous deeds is in motion. The evolution of schemes and medium to pave their way to the targeted online business and the victim is highly commendable. Such ingenuity of exploiting Google Analytics and other Google services as they were able to find the app’s vulnerabilities despite being whitelisted on many security applications is again something to noteworthy about these cyber-criminals. This is a reality that if these adversaries can see flaws in a whitelisted app, cybersecurity experts and developers should also proactively devise countermeasures for such malicious activity to keep up on the phase.
