A phishing campaign dubbed “Phish n’ Ships” has infected over 1,000 legitimate online stores, promoting fake product listings for hard-to-find items. The operation has impacted hundreds of thousands of consumers, causing estimated losses of tens of millions of dollars.
The attack begins by infecting sites with malicious scripts, exploiting known vulnerabilities or misconfigurations. Once a site is compromised, the threat actors upload fake product listings with SEO-optimized metadata to increase visibility on Google search results. When victims click on these links, they are redirected to fraudulent websites, often mimicking the interface of the compromised e-store.
The fake shops are connected to 14 IP addresses and contain a specific string in the URL that makes them identifiable. The malicious sites steal credit card details and complete payments using semi-legitimate payment processor accounts controlled by the attackers.
A coordinated response by HUMAN and its partners has disrupted the campaign, removing most malicious search results and taking offline nearly all identified shops. Payment processors have also been informed, removing offending accounts from their platforms. However, the threat actors can adapt to this disruption, and Satori continues monitoring for resurgence.
Consumers are advised to look out for unusual redirects, validate shop URLs, and report fraudulent charges to their banks and authorities immediately.
Source: https://www.bleepingcomputer.com/news/security/over-a-thousand-online-shops-hacked-to-show-fake-product-listings