Threat Intelligence Alert: Phish 'n' Ships Fakes Online Shops to Steal Money and Credit Card Information

Nov. 1, 2024, 12:26 a.m.

Tags
phishing
seo poisoning
2024-10-31
chinese threat actors
credit card theft
fake web stores
payment processor abuse
search engine manipulation
e-commerce fraud
External References
Description

A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and resulted in estimated losses of tens of millions of dollars. The threat actors, using tools with Simplified Chinese language, drive traffic to these fake shops by infecting legitimate websites and manipulating search engine rankings. The scheme has been partially disrupted through collaborative efforts, but remains an active threat. This operation highlights the dangerous intersection between digital advertising and fraud, emphasizing the need for caution in online shopping.

Date

Published: Oct. 31, 2024, 7:46 p.m.

Created: Oct. 31, 2024, 7:46 p.m.

Modified: Nov. 1, 2024, 12:26 a.m.

Indicators

210.16.120.35

45.76.173.44

104.128.239.68

5.22.221.160

173.214.161.82

199.33.121.230

199.33.127.244

199.33.121.229

209.74.107.132

209.74.107.131

209.74.110.211

209.74.110.214

209.74.110.213

209.74.110.212

209.74.110.181

209.74.110.186

209.74.110.188

209.74.110.180

209.74.110.187

209.74.110.179

209.74.110.189

209.74.110.182

Download all indicators here!

Attack Patterns

T1557

T1189

T1071.001

T1598

T1195

Additional Informations

Retail

Finance