Fraudsters turn to Telegram app to steal payment card data

Thursday 3 September 2020 12:05 CET | News

Malwarebytes has revealed that some fraudsters are using the encrypted instant messaging app Telegram to steal payment card data from ecommerce sites.

According to BankInfoSecurity, hackers are using simple Base64-encoded strings in conjunction with a bot that sweeps up the payment card information, and are including code that accesses Telegram to exfiltrate the payment card data. The Base64 encoding enables the payment card data to be taken without security tools picking up the theft. Although other cybercriminals have previously used Telegram to distribute malware and steal data, fraud on this channel was first detected in August 2020 by security researcher AffableKraut.

Moreover, in the majority of skimming attacks, the payment card data is stored within a domain or file controlled by the attackers and then exfiltrated using a command-and-control infrastructure that communicates with the skimmer's JavaScript code. However, the attacks leveraging Telegram use encryption in conjunction with a Telegram channel to create a faster and more efficient exfiltration process.

Consequently, when a shopper enters their payment information on an ecommerce site, that information is transferred to a payment processor, as usual, but a copy is also sent to the fraudsters. By using Telegram, hackers can quickly collect the payment card data and use it to purchase goods or sell it on underground forums, a method that helps fraudsters avoid detection.

Furthermore, BankInfoSecurity reported that blocking this type of attack is difficult: even if ecommerce companies cut access to Telegram channels at the network level, the cybercriminals can still switch to another type of secure platform to help with the skimming.
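
The Base64 concealment described above suggests one check a site operator can run over the scripts served on checkout pages: decode quoted Base64 literals and flag those that resolve to Telegram Bot API strings. This is an added example, not code from Malwarebytes, BankInfoSecurity or the original article; the indicator strings, the function names and the sample script are constructed assumptions.

```javascript
// Added example: flag quoted Base64 literals in a script that decode to
// Telegram Bot API indicators. The indicator list is an assumption chosen
// for this illustration, not taken from the article.
const INDICATORS = ['api.telegram.org', 't.me/', 'sendmessage', 'chat_id'];

// Quoted runs of 16+ Base64 characters with optional padding.
const B64_LITERAL = /(["'`])([A-Za-z0-9+/]{16,}={0,2})\1/g;
const B64_WHOLE = /^[A-Za-z0-9+/]{16,}={0,2}$/;

// Decode a candidate; return null unless the result is printable ASCII,
// which filters out identifiers and binary blobs that merely look like Base64.
function decodePrintable(b64) {
  if (b64.length % 4 !== 0) return null;
  const text = Buffer.from(b64, 'base64').toString('latin1');
  return /^[\x20-\x7e\r\n\t]+$/.test(text) ? text : null;
}

// Scan script source; follow up to `depth` layers of nested encoding.
function scanScript(source, depth = 2) {
  const findings = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    let text = decodePrintable(m[2]);
    for (let layer = 1; text !== null && layer <= depth; layer++) {
      const lower = text.toLowerCase();
      const hits = INDICATORS.filter((i) => lower.includes(i));
      if (hits.length > 0) {
        findings.push({ offset: m.index, layer, decoded: text, hits });
        break;
      }
      text = B64_WHOLE.test(text) ? decodePrintable(text) : null;
    }
  }
  return findings;
}

// Constructed sample input (not a real skimmer): one single-encoded endpoint,
// one double-encoded parameter, one benign encoded string, one identifier.
const enc = (s) => Buffer.from(s, 'utf8').toString('base64');
const SAMPLE = [
  `var a = "${enc('https://api.telegram.org/bot000000:CONSTRUCTED/sendMessage')}";`,
  `var b = "${enc(enc('chat_id=CONSTRUCTED'))}";`,
  `var c = "${enc('ordinary application string')}";`,
  'var d = "checkoutFormSubmitHandler";',
].join('\n');

for (const f of scanScript(SAMPLE)) {
  console.log(`offset ${f.offset}, layer ${f.layer}: ${f.decoded} [${f.hits.join(', ')}]`);
}
```

A static scan like this only sees complete string literals; values split across several strings or assembled at runtime will not match, so it complements rather than replaces integrity monitoring of checkout-page scripts.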
