Threats Tagged 'card skimming'

A sophisticated fraud campaign originating from China targets FIFA World Cup 2026 attendees by deploying high-fidelity clones of FIFA ticketing websites. The threat actors use typosquatted domains and a multi-tenant phishing infrastructure to intercept payment card details and bypass SMS-based two-factor authentication in real time. The operation includes a distributed reseller ecosystem with at least 15 active operator instances and primarily leverages Facebook and Instagram in-app browsers for traffic. The core payment routing hub involved lacks financial regulatory authorization and has a history of malicious activity.

A sophisticated multi-stage carding attack on a Magento eCommerce website has been uncovered. The malware used a fake gif image file, local browser sessionStorage data, and a malicious reverse-proxy server to steal credit card data, login details, cookies, and other sensitive information. The attack targeted an outdated Magento 1.9.2.4 installation, exploiting its lack of support and security vulnerabilities. The malware injected JavaScript code disguised as Bing tracking code and utilized a tampered payment file to create a user-specific attack. This advanced technique allowed the attackers to intercept and manipulate all website traffic while remaining undetected by victims and administrators.

MediumCampaignGermanyFranceNetherlands+4#reverse-proxy#multi-stage attack#javascript injection