Card Not Present Fraud , Fraud Management & Cybercrime

Hackers Steal Credit Card Data of Deal-Seeking Shoppers

China-Linked Criminals Processed Orders Worth $50M: Security Research Labs
Hackers Steal Credit Card Data of Deal-Seeking Shoppers
These aren't real Adidas shoes. Neither are the shoes sold by a network of fraudulent online stories dubbed BogusBazaar. (Image: Shutterstock)

Hackers linked to Chinese fraudsters are targeting online shoppers to steal credit card information, likely making off with about $50 million from victims in the United States and Western Europe who order premium shoes at discount prices on fraudulent deal websites.

See Also: Panel Discussion | Smartest Path to PCI DSS v4.0 on AWS

The criminal group, dubbed BogusBazaar, has processed more than 1 million orders since its inception three years ago, said Security Research Labs. The loss is only an estimate: Hackers may not obtain every payment card number, and the total does not take into account secondary damages caused by fraudulent use of stolen credit card details.

The hackers offer deals on branded shoes and apparel to lure customers, harvesting credit card details through a spoofed payment interface. The spoofed interfaced is designed to throw out an error message and take the victim to a malicious functioning payment gateway. Payments are facilitated through PayPal, Stripe and credit card processors, researchers at the German cybersecurity firm said.

More often than not, the victims don't receive the merchandise. Sometimes, they get cheap counterfeits.

The gang runs a fraudulent network of more than 75,000 domains, most of which are expired domains with good Google reputations. The shops have customized names and logos and have quality assurance procedures in place to minimize inconsistencies. As of April 2024, about 22,500 of these domains were active.

"The criminal network has grown for years through low-key highly-scalable fraud," the researchers said.

The network runs on an infrastructure-as-a-service model, where a core team is responsible for infrastructure management, such as software development, back-end deployment and plug-in customizations to support the fraud operations. A decentralized network of franchisees operates the fraudulent shops.

Each aspect of the operation, such as the web shops, payment gateways and management applications, runs on separate infrastructure.

BogusBazaar fraudsters use the WooCommerce WordPress plug-in, a service often targeted by threat actors.

The gang hosts a majority of its servers in the United States. Each server runs up to 500 web shops and is associated with more than 100 IP addresses each. The researchers did not specify how many servers the gang hosted in total.

Bogus Bazaar has automated its infrastructure deployment, allowing it to quickly deploy new webshops or rotate payment pages and domains that are taken down by law enforcement.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Assistant Editor, Global News Desk, ISMG

Ramesh has seven years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.