Hackers Inject Skimmer Into Boom! Mobile's Website

Hackers associated with the “Fullz House” group have compromised the website of Boom! Mobile and planted a web skimmer, Malwarebytes reports.


The victim, an Oklahoma-based wireless services provider, claims to deliver great customer service and transparency to its users, all without a contract. The mobile phone plans it sells work on other big networks in the country.


Initially detailed in November 2019, Fullz House has been active for over a year, focused either on phishing for personally identifiable information, banking credentials, and banking card data, or on skimming or phishing card data from ecommerce sites.


The group’s two lines of activity are kept separate, but security researchers have previously observed overlaps in infrastructure (including overlaps between the infrastructure used for sales operations and that employed for stealing data).


The attack on Boom! Mobile, Malwarebytes reveals, involved the injection of one line of code containing a Base64 encoded URL designed to load a JavaScript library from a remote domain used in a previous attack.


The injected URL, Malwarebytes’ security researchers say, loads a fake Google Analytics script which is nothing more than a credit card skimmer designed to find specific input fields and exfiltrate data from those fields.


“This skimmer is quite noisy as it will exfiltrate data every time it detects a change in the fields displayed on the current page. From a network traffic point of view, you can see each leak as a single GET request where the data is Base64 encoded,” the researchers explain.
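
The traffic pattern the researchers describe, one GET request carrying Base64-encoded data for each field change, can be hunted for in web proxy logs. The Python sketch below is an added example, not code from Malwarebytes or the original article; it assumes a simplified "client method URL" log format and that the encoded data travels in a query parameter, and every host and value in the sample is constructed.

```python
import base64
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# At least 16 Base64 (standard or URL-safe) characters, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")

def decode_b64_text(value):
    """Return the decoded text if value is Base64 for printable UTF-8, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    if not B64_RE.match(value):
        return None
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.b64decode(padded, altchars=b"-_", validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isprintable() else None

def find_noisy_leaks(log_lines, first_party, min_hits=3):
    """Map (client, third-party host) -> decoded payloads when seen >= min_hits times."""
    hits = defaultdict(list)
    for line in log_lines:
        client, method, url = line.split(maxsplit=2)
        parts = urlsplit(url)
        host = parts.hostname or ""
        if method != "GET" or host == first_party or host.endswith("." + first_party):
            continue
        for _, value in parse_qsl(parts.query):
            text = decode_b64_text(value)
            if text is not None:
                hits[(client, host)].append(text)
    return {key: vals for key, vals in hits.items() if len(vals) >= min_hits}

def _enc(s):
    return base64.b64encode(s.encode()).decode()

# Constructed proxy log lines ("client method url"); all hosts and values are made up.
SAMPLE_LOG = [
    "10.0.0.5 GET https://shop.example/checkout",
    "10.0.0.5 GET https://cdn.analytics.example/collect?v=1&tid=UA-000000-1&dl=checkout",
    *("10.0.0.5 GET https://stats.invalid/g?d=" + _enc(f)
      for f in ("name=Test User", "card=0000000000000000", "exp=12/30 cvv=000")),
    "10.0.0.9 GET https://img.example/pixel?id=" + _enc("session-000000001"),
]

if __name__ == "__main__":
    for (client, host), payloads in find_noisy_leaks(SAMPLE_LOG, "shop.example").items():
        print(client, host, payloads)
```

The `min_hits` threshold is what separates the repeated per-field leaks from a single tracking pixel with an encoded identifier; tune it and the first-party host to the site being monitored.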


Malwarebytes also explains that the attackers have registered a large number of new domains in late Sept ..
