Category Archives: Gemini Advisory

Russian Govt. Continues Carding Shop Crackdown

Posted on by

Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown — the second closure of major card fraud shops by Russian authorities in as many weeks — comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next. Continue reading Russian Govt. Continues Carding Shop Crackdown

Magecart scammers aim at restaurants’ online delivery systems

Posted on by

Cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders, private investigators have found. The last six months have seen hacks of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29. With titles like MenuSifu and Food Dudes Delivery, the platforms may not be household names, but hundreds of restaurants use the platforms — and crooks know it. The coronavirus pandemic has only heightened criminals’ interest in online payment systems as people order delivery from restaurants in droves. “Attacks such as these are appealing because breaching the website of a single online ordering platform can compromise transactions at dozens or even hundreds of restaurants,” Gemini Advisory analysts wrote in a blog post. One of the breaches tracked by Gemini Advisory saw the attacker use an attack technique known as Magecart, which involves planting malicious code […]

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems

Magecart scammers aim at restaurants’ online delivery systems

Posted on by

Cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders, private investigators have found. The last six months have seen hacks of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29. With titles like MenuSifu and Food Dudes Delivery, the platforms may not be household names, but hundreds of restaurants use the platforms — and crooks know it. The coronavirus pandemic has only heightened criminals’ interest in online payment systems as people order delivery from restaurants in droves. “Attacks such as these are appealing because breaching the website of a single online ordering platform can compromise transactions at dozens or even hundreds of restaurants,” Gemini Advisory analysts wrote in a blog post. One of the breaches tracked by Gemini Advisory saw the attacker use an attack technique known as Magecart, which involves planting malicious code […]

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Posted on by

Someone is selling account information for 21 million customers of ParkMobile, a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, phone numbers, license plate numbers, hashed passwords and mailing addresses. Continue reading ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Posted on by

ValidCC, a dark web bazaar run by a cybercrime group that for more than six years hacked online merchants and sold stolen payment card data, abruptly closed up shop last week. The proprietors of the popular store said their servers were seized as part of a coordinated law enforcement operation designed to disconnect and confiscate its infrastructure. Continue reading ‘ValidCC,’ a Major Payment Card Bazaar and Looter of E-Commerce Sites, Shuttered

Joker’s Stash Carding Market to Call it Quits

Posted on by

Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. Continue reading Joker’s Stash Carding Market to Call it Quits

A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

Posted on by

An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site’s administrators and multiple sources with visibility into the site.  A message posted Thursday on a forum at the Joker’s Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that “these bastards busted” an “external proxy server” connected to a section of the site. Other aspects of Joker’s Stash remained functioning normally at press time Thursday, though one researcher suggested the action represented a kind of warning to the site that has facilitated fraud since at least 2015.  “This relates to a coordinated police operational activity that is ongoing, and at this time we are not in a position to comment,” Interpol, the inter-governmental law enforcement organization based in France, said in an email. The affected […]

The post A ‘coordinated police’ action against the Joker’s Stash took a small domain offline appeared first on CyberScoop.

Continue reading A ‘coordinated police’ action against the Joker’s Stash took a small domain offline

Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Posted on by

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. It ends up being a double-dip for the crooks: In addition to vending the card data and other information about shoppers in cybercriminal forums, they also collect money for items that are “faulty, counterfeit, or nonexistent,” Gemini says in a report published Thursday. The dark web sales have led to profits upwards of $500,000 over the past six months, but the total take is “likely significantly larger,” considering all the money the scammers […]

The post Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says appeared first on CyberScoop.

Continue reading Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Cybercriminal offers email implant software that dodges traditional security platforms

Posted on by

Imagine if cybercriminals didn’t have to send a malicious email for their victims to get the message anyway. That’s a tool one hacker is advertising on a dark web forum, according to research Gemini Advisory released Wednesday. And because the email can be implanted rather than sent, it has the potential to bypass  security that inspects messages as they’re en route to their destination server, researchers said. “The software poses a significant threat as it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for technically simple ransomware-like attacks,” according to a blog post from the Miami-based threat intelligence company. The trick to implanting the email via the “Email Appender” software goes like this, Gemini Advisory explained: First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email […]

The post Cybercriminal offers email implant software that dodges traditional security platforms appeared first on CyberScoop.

Continue reading Cybercriminal offers email implant software that dodges traditional security platforms

As COVID-19 travel restrictions eased, scammers pounced

Posted on by

You can add travel-booking scams to the ways that cybercriminals have adapted to the pandemic-era economy. After slashing prices on the hacking tools sold on underground forums and targeting software used for remote work, crooks have been monitoring the fluctuations in travel restrictions around the world for an opportunity to hawk illicit travel schemes, according to research published Tuesday by the threat intelligence firm Gemini Advisory. The analysts found an uptick in travel-related chatter on over a dozen cybercriminal forums since July, not long after countries in Europe began loosening travel controls. Mentions of travel-related issues on the forums went from roughly 100 per day in early June to more than 600 per day in early September, Gemini Advisory analysts said. “Numerous dark web forum members and Telegram channels have resumed advertising travel services after being dormant during the peak of COVID-19 pandemic,” Gemini Advisory said in a blog post. “One prominent […]

The post As COVID-19 travel restrictions eased, scammers pounced appeared first on CyberScoop.

Continue reading As COVID-19 travel restrictions eased, scammers pounced