A credit card stealing service propagates to aid Russian hackers

May 10, 2022

Even threat actors without advanced cybercrime skills can easily commit financial fraud through credit card stealing services. A vital use of these services is in credit card skimming campaigns, in which e-commerce sites are hacked and injected with malicious scripts that can compromise the financial data of customers who buy on the website.

When a customer makes a purchase, the injected scripts steal the customer’s credit card credentials and send them to the hackers’ C2 servers. The hackers can then either keep the stolen financial information to make online purchases or sell it on underground marketplaces for profit.

Researchers shared that a cybercriminal group is operating a new credit card stealing service from Russia called CaramelCorp. The service supplies its subscribers with a skimmer script, a deployment guide, and a campaign management panel, the tools independent hackers need to run a credit card stealing operation.

The service is offered exclusively to Russian-based threat operators; an initial selection process eliminates inexperienced clients and those that use translators.

A lifetime subscription to the malicious service costs $2,000. Although expensive, it promises clients full customer support, up-to-date code upgrades, and an effective anti-detection feature. The service claims, though this is still unproven, that it can evade security detections from prominent cybersecurity firms such as Cloudflare and Akamai.

Buyers also receive a so-called ‘quick start guide’ covering JavaScript methods that support several obfuscation techniques for evading security detection.

Moreover, the threat actors use the ‘setInterval()’ method to acquire credit card details, exfiltrating data at fixed intervals. Some experts say that this specific method is ineffective. However, it could be helpful in the long run, since it can steal the data even of those who have abandoned their accounts or have incomplete purchases.
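
One way a shop operator could watch for the periodic-timer behaviour described above is to wrap `setInterval` on the checkout page and record registrations made from script origins outside an allow-list. This is an added example, not code from the researchers or from the service; `installTimerAudit`, the allow-listed origins and the stack-trace parsing are assumptions made for illustration.

```javascript
// Added example: attribute every setInterval() registration on a checkout page
// to the script origins on its call stack. The allow-list below is constructed.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://pay.example"]);

// Extract the distinct script origins that appear in a stack trace string.
// Works on Chrome-style "(https://host/a.js:1:2)" and Firefox-style "f@https://..." frames.
function originsInStack(stack) {
  const origins = new Set();
  for (const match of String(stack).matchAll(/https?:\/\/[^\s)]+/g)) {
    try {
      origins.add(new URL(match[0]).origin);
    } catch (_) {
      // Not a parseable URL; ignore this frame.
    }
  }
  return [...origins];
}

// Replace win.setInterval with a wrapper that records any timer registered from
// a stack containing a non-allow-listed origin. getStack is injectable so the
// logic can be exercised outside a browser.
function installTimerAudit(win, allowed = ALLOWED_ORIGINS,
                           getStack = () => new Error().stack) {
  const findings = [];
  const nativeSetInterval = win.setInterval;
  win.setInterval = function (handler, delay, ...args) {
    const origins = originsInStack(getStack());
    const unknown = origins.filter((origin) => !allowed.has(origin));
    // A stack with no script URL cannot be attributed, so it is reported too.
    if (unknown.length > 0 || origins.length === 0) {
      findings.push({ delay: Number(delay) || 0, origins, unknown });
    }
    // Behaviour of the page is unchanged: the timer is still created.
    return nativeSetInterval.call(win, handler, delay, ...args);
  };
  return findings; // live array; ship it to the site's own logging endpoint
}

// In a browser: const findings = installTimerAudit(window);
```

Load it before any other script on the page, since it only sees timers registered after the wrapper is installed.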

The campaign management panel then handles overall administration: clients can monitor compromised online shops, manage the stolen data, and control all other important aspects of the credit card stealing service.

Since credit card skimming campaigns have been widespread for a long time, e-commerce customers are strongly advised to use one-time private cards on their user accounts, set up charging limits, or ideally use online payment platforms instead of credit cards when making purchases.
