Boom! Mobile offers postpaid and prepaid no-contract wireless service plans to its customers that allow them to use the lines of the nation’s largest cellular networks including AT&T, T-Mobile, and Verizon.
The Fullz House hackers injected an e-skimmer into the website and unfortunately, the malicious software has yet to be removed.
The malicious software collects payment card information provided by the users, then exfiltrates the harvested data as a Base64 encoded GET request.
Researchers believe that the Fullz House Magecart group has compromised the Boom’s website by exploiting a vulnerability in the PHP version 5.6.40 used by the company, which is no more supported since January 2019.
The experts attempted to report the compromise to Boom! Mobile without success.
The Fullz House group was first spotted by security experts at RiskIQ in November 2019, when it was using phishing and web skimming for its attacks. Since August-September of 2019, the group started using a hybrid technique that leverages on MiTM and phishing attacks to target sites using external payment processors.
Hacker groups under the Magecart umbrella continue to target to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.
According to a joint report published by RiskIQ and FlashPoint in 2019, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated.
MalwareBytes researchers also shared Indicators of Compromise for this attack in its analysis.
(SecurityAffairs – hacking, e-skimmer)