Telegram is being used by credit card skimmers to channel the stolen funds

Researchers have discovered an all-new credit card skimming campaign stealing funds.

The hackers are using the famous messaging app Telegram to transmit users' stolen payment details from compromised websites back to themselves. These details include the user’s name, email address, and card details, including the card number, CVV, and expiry date.

Using Telegram gives the attackers a big advantage in terms of time. Instead of building their own command-and-control (C2) server and a dedicated communication process, which would require their own domains, they can just use an already established network.

Hackers have incorporated “anti-debugging checks” in the code to evade web debuggers. The bot ID, channel, and Telegram API request are encoded using Base64. These methods clearly show that the hackers have launched a well-planned attack that they will be benefiting from.
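A site owner can hunt for the encoding described above in the JavaScript their store serves. The following is an added example, not code from the researchers or from NPAV: it decodes Base64-looking string literals and flags those that reveal Telegram Bot API artifacts. The indicator patterns are heuristics assumed for this sketch, and the sample script is constructed with placeholder values.

```python
import base64
import binascii
import re

# Quoted string literals that look like Base64 (16+ characters).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")

# Heuristic indicators (assumptions of this example, not from the research).
INDICATORS = {
    "telegram_api_host": re.compile(r"api\.telegram\.org", re.I),
    "bot_token_shape": re.compile(r"\b\d{6,}:[A-Za-z0-9_-]{30,}\b"),
    "chat_id_shape": re.compile(r"^-100\d{9,12}$"),
}

def decode_candidate(literal):
    """Return decoded text, or None if it is not Base64 of printable text."""
    try:
        padded = literal + "=" * (-len(literal) % 4)
        text = base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad alphabet, padding or UTF-8
        return None
    return text if text.isprintable() else None

def scan_script(source):
    """Return (line_no, indicator, decoded_text) for each suspicious literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in B64_LITERAL.finditer(line):
            decoded = decode_candidate(match.group(1))
            if decoded is None:
                continue
            for name, pattern in INDICATORS.items():
                if pattern.search(decoded):
                    findings.append((line_no, name, decoded))
    return findings

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample, not from a real skimmer; token and chat ID are placeholders.
SAMPLE_JS = "\n".join([
    'var label = "%s";' % _b64("Checkout form validation"),  # benign literal
    'var a = "%s";' % _b64("https://api.telegram.org/bot"),
    'var b = "%s";' % _b64("0000000000:" + "A" * 35),
    'var c = "%s";' % _b64("-1000000000000"),
])

if __name__ == "__main__":
    for line_no, name, decoded in scan_script(SAMPLE_JS):
        print(f"line {line_no}: {name}: {decoded!r}")
```

Because the scan is static, the anti-debugging checks in the script do not interfere with it; a hit is a lead for manual review of the script, not proof of compromise.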

Telegram or any such messenger app also allows hackers to monitor the notifications. These notifications will help the hackers to determine new victims so that they can quickly steal from their cards.

The stolen information can be used by hackers on various occasions to launch distinct attacks on the victims. The compromised data has a lot of sensitive fields, which can damage the victim both financially and socially.

NPAV recommends that users never trust any platform when submitting their sensitive data. Apps and phone calls impersonating banking officials can be used by hackers to steal from people. Users must also refrain from sharing their CVV and OTPs with any untrusted payment portals.

Install NPAV on your devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.
