How Hackers Are Targeting Bulgarian Online Shoppers

Bad actors keep upgrading credit-card-stealing malware with new features and capabilities designed to hide in plain sight and take advantage of distracted e-commerce customers.

“We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain,” said the Sucuri research team. “Sometimes the injected code also references the victim’s site. Recently, we’ve come across another level of customization.”

In the first instance, bad actors injected a Magento online shopping website with a script hosted at hxxps://elegrina[.]com/assets/.js. The script replaced the real payment form with a Bulgarian-localized version and exfiltrated the stolen payment data to the elegrina[.]com domain.

The exfiltration domain was registered on November 18, and it used a hosting server in Russia to store the data stolen from infected online shops.

Localized payment form injecting scripts used to assail specific targets

Sucuri’s researchers then went hunting for other websites infected by the same malware campaign but found only one other instance, an Italian online retail site using a .com domain.

The Italian online shop was infected with the same script that injected a localized payment form, this time with hardcoded Italian captions so that potential Italian victims could navigate the payment page more easily.

According to the Sucuri researchers, “while localization of the malware adds additional complexity to the attack, it is definitely worth it from an attacker’s perspective.”

Sucuri also found a data-stealer script injected into the Italian website. It used Ajax POST requests to send out payment details and site credentials stolen from online forms with the help of hijacked onclick handlers.

Even though the two different malicious campaigns did not show any evidence of being connected, they did prove the readiness of malware authors to put in the extra effort needed to customize their tools to attack specific targets while also being able to stay undetected throughout their mission.
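A defender-side check for the pattern Sucuri describes above, injected script URLs that mimic or include part of the victim site's domain. This is an added example, not code from Sucuri or from this article. The domains, the sample page, the allowlist and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page for a hypothetical shop at shop-example.test.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.shop-example.test/lib.js"></script>
<script src="https://js.payments-example.test/v3.js"></script>
<script src="https://shop-example-cdn.test/assets/a.js"></script>
<script src="//shop-examp1e.test/assets/b.js"></script>
<script src="https://stats-collector.test/t.js"></script>
</head><body><form id="payment"></form></body></html>
"""

class ScriptHosts(HTMLParser):
    """Collect the host of every <script src=...> that names one."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        host = urlparse(src).hostname if src else None  # None for relative URLs
        if host:
            self.hosts.append(host.lower())

def audit_scripts(html, site_host, allowed_hosts):
    """Return (host, verdict) for each script host that is neither first-party nor allowlisted."""
    parser = ScriptHosts()
    parser.feed(html)
    # Naive brand label: assumes a single-label TLD (no public-suffix handling).
    brand = site_host.lower().split(".")[-2]
    findings = []
    for host in parser.hosts:
        if host == site_host or host.endswith("." + site_host) or host in allowed_hosts:
            continue
        # Lookalike: some label embeds the brand or is a near-miss spelling of it.
        mimic = any(brand in label or SequenceMatcher(None, brand, label).ratio() >= 0.8
                    for label in host.split(".")[:-1])
        findings.append((host, "lookalike" if mimic else "unlisted"))
    return findings

if __name__ == "__main__":
    for host, verdict in audit_scripts(SAMPLE_HTML, "shop-example.test", {"js.payments-example.test"}):
        print(f"{verdict:9} {host}")
```

Run against the rendered checkout page rather than only the templates, since injected scripts are often added at runtime or stored in the database.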
