Hackers Target Counterfeit Sneaker Websites for Credit Card Info

The internet is full of all kinds of deals and offers, but while many of them are legitimate, provided by the brands that everyone knows and appreciates, there are many scammers out there, as well. These are criminals who are trying to sell fake merchandise and make quick money.

Hackers infect hundreds of counterfeit sneaker sites to steal credit cards https://t.co/2eYIgSuER0 pic.twitter.com/qOvuDBIm5r

— Forbes (@Forbes) December 11, 2019

Too Good to Be True

There is seemingly an endless number of such stores, and whenever one gets shut down, a number of new ones emerge. They always offer deals that seem too good to be real, which is pretty much what they are. If the user falls for the fake offer, they would pay for the goods in advance, often discovering that the received item was cheaply made, or that it doesn’t match their order. That is if the item ever even arrives at their doorstep. Normally, this would be bad enough. However, according to a recent report by Malwarebytes researchers, there is a new layer to the scam, and it involves credit card-stealing malware.

Hackers Targeting Scammers Websites

The security firm’s report claims that a number of counterfeit sneaker shops are infected, likely due to the fact that they run an outdated option of Magento. This is an e-commerce platform that is rather popular with online merchants, as it is easy to set up and list merchandise. However, if the shop uses a version that doesn’t include new updates, some patched-up vulnerabilities often remain. According to Malwarebytes, hackers often seek out those flaws, that are usually publicly disclosed after the patches become available. Cybercriminals use automated hacking tools that automatically identify flawed websites, which they then inject with card-skimming code. The company did not reveal how many of these counterfeit websites are now malicious, but they did say that there are hundreds of them. Furthermore, it is worth noting that those are just the ones they track. Not only that, but the number of new stores is constantly on the rise, as well, meaning that even these numbers are likely already outdated. As for the identity of the hackers that are targeting scammers’ websites, there are many different groups that are targeting them. These groups often target Magecart, which is what allows them to steal credit card info and upload it to their own servers. Meanwhile, researchers suggest that users protect themselves simply by avoiding offers that seem too good to be true.

---

Images are courtesy of Pixabay, Shutterstock, Twitter.