HomesecurityBoom! Mobile: Fullz House violated the mobile phone provider's site ...

Boom! Mobile: Fullz House hacked mobile carrier site to steal credit cards

Fullz House, a hacking team famous for skimming (scamming) credit cards, violated and infected the site of the virtual mobile network operator (MVNO) of USA “Boom! Mobile ”, with a credit card theft script. Boom! Mobile provides US-based customers with prepaid wireless service plans that operate on the nation's largest mobile networks, including AT&T, Verizon and T-Mobile. This type of violation is known as an attack MageCart, web skimming or e-skimming. These scripts are then used by them hackers with the aim of stealing credit cards or personal information submitted by the customers of the sites in e-commerce forms.

According to BleepingComputer, the infringement of the Boom site! Mobile is currently in development, with the malicious credit card skimmer of the Fullz House team being active on the e-commerce platform based on the company's shopping cart.

Boom! Mobile-breach site

According to her security intelligence team Malwarebytes, hackers provided a unique line of code that loads an external JavaScript library from paypal-debit [.] Com / cdn / ga.js, covered as Google Analytics script.

The skimmer collects credit card information from the respective input fields whenever it detects any changes, immediately executing the data collected as a GET request with Base64 encoding.

Although the exact method used by Fullz House to penetrate the Boom site is not known! With the aim of stealing credit cards, Malwarebytes noticed that the company's site was running version 5.6.40 of PHP, a version that ceased to be supported in January last year.

Boom! Mobile-breach site by Fullz House

Malwarebytes reports to Boom! Mobile the security incident he discovered both through live chat and through e-mail, but has not received a response from the company so far. In addition, Malwarebytes added that the Boom! Mobile remains at risk, as do its online shoppers.

Fullz House uses a hybrid skimming tactic / Phishing, as discovered by researchers of the digital threat management company RiskIQ. Team members carry out skimming and phishing attacks, targeting bank information and credit card information from both payment provider customers and payments on e-commerce platforms. In addition, they try to develop their own web skimmers instead of relying on skimmers created by others who disguise them as Google Analytics scripts and load them through a script tag into the infringed online stores.

Boom! Mobile-breach site by Fullz House aimed at stealing credit cards

However, unlike modern skimmers who collect the data only when customers complete the order do Fullz House skimmer scripts work more like a keylogger constantly monitoring input fields for changes.

In addition, the skimmer developed by Fullz House also works as a phishing tool, which redirects victims who press the button "Buy", from the breached online store to fake and "fraudulent" payment sites, which have been designed in such a way as to "imitate" payment interfaces by legitimate financial institutions. On this page, victims are asked to enter the payment information sent to the attackers' servers as soon as the button is pressed. "Payment". Victims are immediately redirected to the store's actual payment processor page to complete the purchase, without knowing that their credit card details have been stolen.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.