Hackers spoof major brands for Black Friday scams

(Image credit: Image Credit: Leolintang / Shutterstock)

New research from Kaspersky Lab has revealed that cybercriminals are using banking Trojans to target online users of popular consumer brands to steal credentials and other information. With Black Friday approaching, make sure you're staying safe whilst shopping online at peak time for cybercriminal activity.

The firm detected 9.2m attempted attacks by the end of Q3 2018 compared to 11.2m during the entirety of 2017 which shows that hackers have stepped up their game ahead of this holiday season.

Banking Trojans are traditionally used to target financial services to look for data to steal or to build botnets. However, several banking Trojans have enhanced their functionality and reach to target online shoppers in an attempt to steal their data and credentials as well as to obtain root access to their devices.

Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye are the main malware families being used to target shoppers through e-commerce brands. The Trojans target well known e-commerce brands to search for credentials such as logins, passwords, card numbers, phone numbers and more by intercepting data on target sites, modifying page content and/or redirecting visitors to phishing pages.

Banking Trojans target online shoppers

According to Kaspersky, half (50%) of the brand names targeted by the malware families are established high street labels including fashion, footwear, jewelry, gifts, toys and department stores followed by consumer electronics brands (12%) and entertainment/gaming (12%).

Overall the firm found that 14 malware families were targeting a total of 67 consumer e-commerce sites which include 33 consumer apparel sites, eight consumer electronics sites, eight entertainment and gaming sites, three popular telecoms sites, two online payment sites and three online retail platforms.

The malware family Betabot was found to be targeting 46 different brands with most of those affected in Italy (14.12%), Germany (6.04%), Russia (5.5%) and India (4.87%). Gozi meanwhile was found to be targeting 36 brands with most of those affectred in Italy (19.57%), Russia (13.89%), Brazil (11.96%) and France (5.91%).

Principal Security Researcher at Kaspersky's Global Research and Analysis Team, Yury Namestnikov provided further details on the findings of the firm's research, saying:

“Credential-stealing banking malware is nothing new. However, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected."

"If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details while you enter them on the shop’s website. After that, it is easy for a hacker to get to your money through a compromised credit card. Cybercriminals could also use the stolen accounts in money laundering schemes: buying things from a website using victims’ credentials so they look like known customers and don’t trigger any anti-fraud measures, and then selling those items on again. "

"As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data.” 

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.