According to BankInfoSecurity, hackers are using simple Base64-encoded strings in conjunction with a bot that sweeps up payment card information, and are including code that accesses Telegram to exfiltrate the payment card data. The Base64 encoding enables the payment card data to be taken without security tools picking up the theft. Although other cybercriminals have previously used Telegram to distribute malware and steal data, the first time fraud was detected on this channel was in August 2020, by security researcher AffableKraut.
Moreover, in the majority of skimming attacks, the payment card data is stored within a domain or file controlled by the attackers and then exfiltrated using a command-and-control infrastructure that communicates with the JavaScript code. However, the attacks leveraging Telegram use encryption in conjunction with a Telegram channel to create a faster and more efficient exfiltration process.
Consequently, when a shopper enters payment information on an ecommerce site, that information is transferred to a payment processor, as usual, but a copy is also sent to the fraudsters. By using Telegram, hackers can quickly collect the payment card data and use it to purchase goods or sell it on underground forums, a method that helps fraudsters avoid detection.
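For defenders reviewing scripts served on checkout pages, the following added example (not code from the article or from the researchers it cites) decodes Base64 string literals found in JavaScript source and flags those that resolve to Telegram hosts, including one level of double encoding. The indicator list (`api.telegram.org`, `t.me`), the function names and the sample script are assumptions constructed for illustration.

```javascript
// Added example: find Base64 string literals in script source that decode to
// Telegram references. Indicator hosts are an assumption; extend as needed.
const INDICATORS = [/api\.telegram\.org/i, /\bt\.me\//i];

// Quoted literals made only of Base64 characters, at least 12 long.
const B64_LITERAL = /(["'`])([A-Za-z0-9+\/]{12,}={0,2})\1/g;

// Decode one Base64 layer; return null unless the result is printable ASCII.
function decodeBase64(text) {
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(text)) return null;
  if (text.replace(/=+$/, '').length % 4 === 1) return null; // impossible length
  const decoded = Buffer.from(text, 'base64').toString('latin1');
  return /^[\x20-\x7e]+$/.test(decoded) ? decoded : null;
}

// Scan source text; peel up to maxDepth Base64 layers per literal.
function findTelegramRefs(source, maxDepth = 2) {
  const findings = [];
  for (const match of source.matchAll(B64_LITERAL)) {
    let value = match[2];
    for (let depth = 1; depth <= maxDepth; depth++) {
      value = decodeBase64(value);
      if (value === null) break; // binary or not Base64: stop peeling
      const hit = INDICATORS.find((re) => re.test(value));
      if (hit) {
        findings.push({ offset: match.index, depth, decoded: value, indicator: hit.source });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample input: a placeholder endpoint, encoded once and twice,
// next to a benign literal that merely looks like Base64.
const ENDPOINT = 'https://api.telegram.org/botPLACEHOLDER/sendMessage';
const ONCE = Buffer.from(ENDPOINT).toString('base64');
const TWICE = Buffer.from(ONCE).toString('base64');
const SAMPLE = `var u = atob("${ONCE}"); var lib = "jQuery3141592653589";`;
const SAMPLE_NESTED = `var u = atob(atob('${TWICE}'));`;

console.log(findTelegramRefs(SAMPLE));
console.log(findTelegramRefs(SAMPLE_NESTED));
```

A hit only means the script hides a Telegram reference behind encoding; confirm against the site's known third-party scripts before treating it as a skimmer.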