This new fraudster bot spotted in the wild attacks Online stores

A new bot named Giftghost is designed by hackers which are being used to defraud many gift card owners. According to the reports, the attacks are first spotted on February 26th by the Distil Networks, a cyber security firm. Ever since then, nearly 1000 websites became the victims of this brutal hack.

The crooks are using this bot to generate possible account numbers of consumers automatically and requesting the balance account of each card number. When a card balance is received, rather than an error or zero, that means that attack was successful and credentials could be then sold on Darkweb or can be used to make a purchase.

This is what the Distill Networks researcher Anna Westelius said about the Giftghostbot:

“First, it lies about its identity by rotating the user-agent strings. Then, it is massively distributed across various hosting providers and the data-centers across the world. Then, it is technically sophisticated when it executes the JavaScript, just mimicking a normal browser. Finally, its persistent in that if it is blocked by one technique it adapts and then returns using another attack technique.”

According to theDistill networks, this bot is capable of sending more than 1.7 million requests per hour and damage caused by this bot is still unknown.

Although, this bot is basically designed to steal gift card information of consumers, in many cases it can affect websites as well. In many isolated cases, millions of requests could lead to the slowdown or potential downtime of the website.

Rami Essaid, the CEO of Distill networks said that: “Like many sophisticated bot attacks, the GiftGhostBot operators are moving rapidly to evade the detection, and any retailer which offers gift cards can be under attack at this moment. While it is important to understand that retailers are not exposing consumers’ personal information, consumers should remain vigilant. Chef gift card balances, contact retailers and ask for more information. To prevent resources from being drained, individuals and companies must work together to prevent further damage.”

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA