Criminals steal payment data from online shoppers by abusing the Telegram instant messaging API, inserting credit card skimming code.
Criminals set up fraudulent infrastructure that looks like a typical content delivery network—except it isn’t. Behind it hides a credit card skimmer injected into Magento online stores.
A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.
Threat actors combine phishing with a web skimmer to create a devious scheme designed to lift credit card data from unaware shoppers.