BadB
How to transfer stolen data?
The guys from Magecart didn't bother. They simply send information from the “cardboard” stealer directly to Telegram. And really, why bother with encryption and servers if Durov already invented everything a long time ago?
The process of stealing credit cards with the help of Durov's brainchild was first described by researcher @AffableKraut on his Twitter account.
The Magecart group has long been known for exploiting vulnerabilities in online stores to insert its code into their pages and steal credit card data entered by users. This type of attack, also known as "formjacking", uses JavaScript inserted by hackers into the pages of hacked shops, which intercepts information entered by customers and transmits it to the attackers' servers.
We already wrote that hackers manage to insert the stealer code not only into the metadata of images, but even into the favicon of the site.
New this time around is the method of transmitting the data itself (such as name, address, credit card number, expiration date and CVV) via an instant message sent to a private Telegram channel using the encoded bot ID in the “stealer” code.
The advantage of using Telegram is that attackers no longer need to worry about creating a separate infrastructure for transmitting the collected information; Durov took care of everything.
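For shop owners, the channel described in this post suggests a simple integrity check: scan the scripts served on checkout pages for references to the Telegram Bot API, including ones hidden in encoded string literals. The following is an added example, not part of the original post. The host name `api.telegram.org`, base64 as the encoding, and the sample script names and contents are assumptions.

```javascript
// Added example (Node.js). Flags script source that references the Telegram
// Bot API host in clear text or inside a base64-encoded string literal.
const INDICATOR = "api.telegram.org"; // assumption: host the stealer posts to

// Decode a candidate literal; return "" unless the result is printable ASCII.
function decodeLiteral(literal) {
  const text = Buffer.from(literal, "base64").toString("latin1");
  return /^[\x20-\x7e]+$/.test(text) ? text : "";
}

function findTelegramRefs(source) {
  const hits = [];
  if (source.toLowerCase().includes(INDICATOR)) {
    hits.push({ kind: "plain", value: INDICATOR });
  }
  // Quoted literals made up only of base64 characters, at least 8 long.
  const literalRe = /["'`]([A-Za-z0-9+/]{8,}={0,2})["'`]/g;
  for (const match of source.matchAll(literalRe)) {
    if (decodeLiteral(match[1]).toLowerCase().includes(INDICATOR)) {
      hits.push({ kind: "base64", value: match[1] });
    }
  }
  return hits;
}

// Constructed sample inputs (not taken from any real site or skimmer).
const encode = (s) => Buffer.from(s).toString("base64");
const SAMPLES = {
  "checkout-clean.js": 'fetch("/api/cart/total");',
  "checkout-plain.js": 'var u = "https://api.telegram.org/";',
  "checkout-encoded.js": `var h = atob("${encode("https://api.telegram.org/")}");`,
};

// Map each script name to the kinds of reference found in it.
function scanAll(samples) {
  const report = {};
  for (const [name, source] of Object.entries(samples)) {
    report[name] = findTelegramRefs(source).map((hit) => hit.kind);
  }
  return report;
}

console.log(scanAll(SAMPLES));
```

A literal that is split across string concatenations or encoded some other way will not match, so treat a clean result as one signal alongside file-integrity monitoring of the shop's scripts.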