An SEO poisoning campaign from 2020 is actively attacking popular e-commerce stores. The online store attack exclusively depends on “search engine optimization” strategies to target users worldwide.
The campaign has been active since 2020, and researchers noted that it is an operation of China-based cybercriminals. The researchers also indicated that the attack targeted approximately 617 e-commerce stores in Chile, Mexico, Columbia, Spain, Portugal, France, and Italy.
The odd thing about this campaign is although it was an attack that originated two years ago, 562 out of the 617 actively affected shopping platforms are from this year.
Threat actors have hijacked the Google search results to execute the SEO poisoning attack.
The threat actors’ SEO poisoning attacks typically start by hijacking Google search results to set up their malicious domain. After setting the domain, it will be shown by the browser at the top search results via Google Ads.
On a related matter, social media sites such as Instagram and Facebook were also seen by researchers being exploited by threat actors to boost their malicious ads.
Once a target lands on these compromised pages, they will be instructed by the site to share their details, which cybercriminals can use to deploy other kinds of illegal activities.
The analysts indicated that the stolen information obtained by the threat actors is essential data such as names, addresses, mobile numbers, email ads, passwords, credit card details, and intel regarding the order and tracking code of the package.
The content of the hacker-operated websites are clones of the targeted official stores that are based on a static CMS and PHP API. The API then links with a MySQL cluster in the background of the compromised site.
The threat actors create every infected website on a generic platform where minor changes of templates and images would enable code reuse for different e-commerce stores.
As of now, online scams are actively targeting online stores and e-commerce sites. These campaigns are becoming a trend since most entrepreneurs turn their stores into online businesses that minimize physical contact that also address the Covid-19 situation.
Experts suggest that users should cross-check the URL addresses before visiting any online shop since it will play a pivotal role in the early detection of such threats to avoid financial losses.
