Magecart Scripts Steal Credit Card Info On Counterfeit Sneaker Sites

By   ISBuzz Team
Writer , Information Security Buzz | Dec 13, 2019 04:29 am PST
Sites selling counterfeit kicks have sprung up to capitalize on demand for the latest Nike and Adidas sneakers. To add insult to injury, hackers are now targeting these sites to install malicious Magecart scripts that also steal your credit card information.
Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Jason Kent
Jason Kent , Hacker in Residence
December 13, 2019 12:33 pm

Circular flows in any system are interesting to watch and see how they follow one another. The stolen credit card sold by a carder is used to purchase a desirable item (like sneakers); that item is then sold on a legitimate site (possibly Ebay) for market value, thus laundering the transaction and creating value for the malicious merchant. The legitimate site is then compromised by an attacker using a program to scrape credit cards which the carder will then sell to someone that will buy a desirable item.

The impact of this can be that a fake shortage can exist on the original inventory of the desirable item, causing another market to be created in knockoffs. Now the carders are trying to get into the sites of the knockoff market, creating another database of cards for sale. No doubt those cards will be sold and transactions laundered in some other part of the market, perhaps creating another shortage and another opportunity for the attackers.

Inventory takeover attacks to drive the market can cause the same impact; shortages on desirable items can then be controlled and the fraudulent sites can be put in place before the bots start the shortage and create the market in their favor. A well-organized team could drive the demand and orchestrate the shopping experience to create a carding service that fed itself.

Last edited 4 years ago by Jason Kent

Recent Posts

Would love your thoughts, please comment.x