Credit card skimming group Fullz House has compromised the website of US mobile virtual network operator (MVNO) Boom! Mobile in a Magecart attack. The group injected a credit card stealer script into the website.
Boom! Mobile provides users with postpaid and prepaid no-contract wireless service plans that work on the nation’s largest cellular networks including AT&T, Verizon, and T-Mobile.
The hackers use these scripts to steal payment or personal info submitted by the sites’ customers in an e-commerce form.
The card skimmer collects payment card information from input fields whenever it detects a change, and immediately exfiltrates the harvested data as a Base64-encoded GET request.
The exact method the Fullz House Magecart group used to infiltrate Boom's website is not known. Malwarebytes found that the company site runs PHP version 5.6.40, which has been unsupported since January 2019.
Malwarebytes reported this incident to Boom! Mobile, but the company has not responded.
Fullz House is known for its hybrid skimming/phishing technique. The group both skims and phishes for banking and card information, targeting payment provider customers as well as checkouts on e-commerce platforms.
They have also developed web skimmers of their own, which are camouflaged as a Google Analytics script and loaded via a script tag within the compromised online shops. These skimmer scripts work like a keylogger that continually checks input fields for changes.
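The exfiltration pattern described above (card data sent out as a Base64-encoded GET request) can be hunted for in web proxy or egress logs. The following is an added example, not code from Malwarebytes or from the skimmer: it decodes every query parameter that looks like Base64 and flags those containing a Luhn-valid card number. The host names, parameter names and sample requests are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl

# 13-19 digits, optionally separated by spaces or dashes
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def try_b64(value):
    """Decode a standard or URL-safe Base64 value; return None if it is not Base64."""
    # parse_qsl turns '+' into ' ', so undo that before normalising the alphabet
    v = value.replace(" ", "+").replace("-", "+").replace("_", "/").rstrip("=")
    if len(v) < 16 or not re.fullmatch(r"[A-Za-z0-9+/]+", v):
        return None
    try:
        raw = base64.b64decode(v + "=" * (-len(v) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="ignore")

def find_card_exfil(urls):
    """Return (host, parameter) for each GET parameter carrying Base64-wrapped card data."""
    hits = []
    for url in urls:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = try_b64(value) or ""
            for m in CARD_RE.finditer(decoded):
                if luhn_ok(re.sub(r"\D", "", m.group())):
                    hits.append((parts.hostname, name))
                    break
    return hits

# Constructed sample requests (hypothetical hosts; 4111... is a standard test number)
_payload = base64.b64encode(b'{"cc":"4111 1111 1111 1111","exp":"12/30","cvv":"000"}').decode()
SAMPLE_URLS = [
    "https://collector.example/ga.js?d=" + _payload,
    "https://analytics.example/collect?v=1&tid=UA-0000000-0&cid=1234567890123456",
    "https://shop.example/img?token=" + base64.b64encode(b"session=abcdef0123456789abcdef").decode(),
]

if __name__ == "__main__":
    for host, param in find_card_exfil(SAMPLE_URLS):
        print(f"possible card exfiltration to {host} via parameter {param!r}")
```

A hit is a lead for triage: confirm it against the page's loaded scripts and the destination host before treating it as a skimmer.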