18 May Hackers Clone Icon Website to Steal Credit Card Information
Malwarebytes reported in early May that they had detected a novel method scammers are using to steal credit card data. Visitors to an icon website were unaware that the purchase form they were filling out was delivering their credit card information and personal details to cyber crooks. The scam is particularly insidious because, to the average user, it is almost undetectable.
The Malwarebytes team unearthed the scam when they noticed that the favicon for the shopping CMS Magento was being loaded by ecommerce websites from the myicons[.]net domain. That domain raised a red flag. It had been registered only a few days previously, and was hosted on a server that had already been identified as part of a web-skimming campaign. Once their suspicions were raised, Malwarebytes dug a little deeper and realized the website was using an iframe to pull in the content from a legitimate website, iconarchive.com. That means that visitors to myicons[.]net have little forewarning that the website is malicious.
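The first signal in that investigation, a storefront favicon served from a domain the store does not control, can be checked from a page's HTML. The following is an added example, not code from Malwarebytes or the original article; the function names, the allowlist parameter and the sample page are constructed for illustration, and a flagged host is only a prompt for the follow-up checks described above (registration date, hosting history).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class IconLinkParser(HTMLParser):
    """Collect href values of <link> tags whose rel marks them as an icon."""

    def __init__(self):
        super().__init__()
        self.icon_hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}
        rel_tokens = a.get("rel", "").lower().split()
        # Matches rel="icon", rel="shortcut icon" and rel="apple-touch-icon".
        is_icon = any(t == "icon" or t.endswith("-icon") for t in rel_tokens)
        if is_icon and a.get("href"):
            self.icon_hrefs.append(a["href"].strip())


def audit_favicons(page_url, html, allowed_hosts=()):
    """Return (icon_url, host) for icons not served by the page's own host
    or by a host on the (hypothetical) allowlist."""
    trusted = {urlsplit(page_url).hostname, *(h.lower() for h in allowed_hosts)}
    parser = IconLinkParser()
    parser.feed(html)
    findings = []
    for href in parser.icon_hrefs:
        absolute = urljoin(page_url, href)  # handles relative and //host/ forms
        host = urlsplit(absolute).hostname  # None for data: URIs, which are skipped
        if host and host not in trusted:
            findings.append((absolute, host))
    return findings


# Constructed sample page; all hosts use the reserved .example TLD.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="icon" href="/media/favicon/default/favicon.ico">
<link rel="shortcut icon" type="image/png" href="//icons.thirdparty.example/img/magento.png">
<link rel="apple-touch-icon" href="https://cdn.shop-assets.example/touch.png">
</head><body></body></html>"""

if __name__ == "__main__":
    allow = ["cdn.shop-assets.example"]
    for url, host in audit_favicons(SAMPLE_PAGE_URL, SAMPLE_HTML, allow):
        print(f"off-site favicon: {url} (host: {host})")
```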
A New Threat
While the myicons scam is unique, it shows the increasing sophistication on the part of cyber crooks. ZDNet reports two examples: one in which scammers created 28 fake ad agencies to deliver malicious web ads on thousands of websites, and another in which a company registered in Canada provided remote access software that proved to be trojan malware.
So how can you protect yourself? TechRepublic asked just that when they interviewed Aanand Krishnan, founder and CEO of Tala Security. Krishnan estimates that hundreds of thousands of websites are compromised with Magecart scams, and the scams may go undetected for several months. He also feels that the responsibility for addressing the problem lies with the ecommerce websites and financial institutions completing the transactions. His advice for consumers is threefold: be aware of the scam; check your credit card accounts frequently for odd transactions; and follow best practices in your online habits. (Don’t click on unknown or suspicious emails, don’t download free software that you don’t need and that hasn’t been vetted, and clean out browser extensions.)
Jerome Segura, director of threat intelligence for Malwarebytes, also recommends that ecommerce customers use payments that don’t involve filling out their credit card information every time they make a purchase. Malwarebytes also offers a real-time web security module in both their desktop software and in their Browser Guard extension for Chrome and Firefox.