GiftGhostBot scares up victims' gift-card cash with brute-force attacks

Software nasty can burn through 1.7 million account numbers per hour

Cybercrooks are using a bot to automate the process of breaking into and draining online gift card accounts.

The software nasty, named GiftGhostBot, attempts to steal cash from money-loaded gift cards provided by a variety of retailers around the globe, according to Distil Networks.

Any website – from luxury retailers to supermarkets to major coffee distributors – with gift card processing capabilities could be a target. Distil has seen this attack on almost 1,000 websites since it first detected it late last month.

Fraudsters are using the bespoke cybercrime tool to generate lists and lists of account numbers, and request the balance for each number. Whenever this brute-force attack throws up an actual balance, rather than an error or zero, the account number is automatically logged.

The criminals can then either resell these confirmed account numbers on the dark web or use them to purchase goods. There appears to be no other authentication involved: just the digits you'd find on the card, which can be guessed by software. GiftGhostBots are being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript mimicking a normal browser to avoid detection.

GiftGhostBot lies about its identity by using rotating user-agent strings (Credit: Distil)

On average, the operators of GiftGhostBot can test as many as 1.7 million gift card account numbers per hour, we're told.

"Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment," said Rami Essaid, chief exec of Distil Networks.

"While it is important to understand that retailers are not exposing consumers' personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information."

More technical details on the GiftGhostBot cybercrime tool can be found in a blog post by Distil Networks here. ®

Sponsored: Minds Mastering Machines - Call for papers now open




Biting the hand that feeds IT © 1998–2018