How Hackers Are Targeting Bulgarian Online Shoppers

Bad actors keep upgrading credit card stealing malware with new features and capabilities designed to hide in plain sight and take advantage of e-commerce customers’ distraction.

“We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain,” said the Sucuri research team. “Sometimes the injected code also references the victim’s site. Recently, we’ve come across another level of customization.”

In the first instance, bad actors injected a Magento online shopping website with a script hosted at hxxps://elegrina[.]com/assets/.js. The script replaced the real payment form with a Bulgarian localized version and exfiltrated the stolen payment data to the elegrina[.]com domain.

The exfiltration domain was registered on November 18, and it used a hosting server in Russia to store the data stolen from infected online shops.

Localized payment form injecting scripts used to assail specific targets

Sucuri’s researchers then went hunting for other websites infected by the same malware campaign but found only one other instance: an Italian online retail site using a .com domain.

The Italian online shop carried the same script that injected a localized payment form, this time with hardcoded Italian captions so that potential Italian victims could navigate the payment page more easily.

According to the Sucuri researchers, “while localization of the malware adds additional complexity to the attack, it is definitely worth it from an attacker’s perspective.”

Sucuri also found a data stealer script injected into the Italian website. It used Ajax POST requests to send payment details and site credentials stolen from online forms with the help of hijacked onclick handlers.

Even though the two malicious campaigns showed no evidence of being connected, they demonstrate that malware authors are ready to put in the extra effort needed to customize their tools for specific targets while staying undetected throughout their mission.
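An added example, not from Sucuri or the original article: a site owner's audit of the script sources on a checkout page. It flags external hosts that are not on an allowlist and marks those that include or closely resemble the shop's own domain name, as the injected URLs described above do. The shop host, allowlist, sample HTML and the two-edit threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for a hypothetical shop at www.examplestore.test.
SAMPLE_HTML = """
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.test/sdk.js"></script>
<script src="https://examplestore-assets.test/assets/a.js"></script>
<script src="https://exampelstore.test/lib.js"></script>
<script src="https://metrics.test/m.js"></script>
"""

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.sources += [v for k, v in attrs if k == "src" and v]

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of the shop name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_scripts(html, site_host, allowed_hosts):
    """Return {host: verdict} for external script hosts not on the allowlist."""
    brand = site_host.lower().removeprefix("www.").split(".")[0]
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = {}
    for src in collector.sources:
        host = (urlparse(src).hostname or "").lower()
        if not host or host == site_host or host in allowed_hosts:
            continue  # relative URL, same origin, or approved third party
        labels = host.replace("-", ".").split(".")
        # Threshold of 2 edits is an assumption; tune it for short shop names.
        mimics = any(brand in l or edit_distance(brand, l) <= 2 for l in labels)
        findings[host] = "lookalike" if mimics else "unlisted"
    return findings
```

Run it against the rendered checkout page on a schedule and alert on any new host in the result; a "lookalike" verdict deserves the fastest response.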
