Cybercriminals have developed a piece of software that’s designed to help payment card fraudsters automate unauthorized charges to ensure that they make a profit before their activities are picked up by fraud detection systems.
Payment card fraudsters are always looking for ways to improve their operations and the new platform provided by an organized crime group called “Voxis Team,” which surfaced on the black market in August, might be exactly what they need.
According to researchers from threat intelligence firm IntelCrawler, who have been monitoring Voxis Team, the new automated tool can be used to send batches of fraudulent payment card charges to multiple gateway processors.
A payment gateway is a service that’s used to authorize credit card payments for online stores and facilitates the transfer of information between the website and the bank.
When they get their hands on stolen payment card data, cybercriminals open merchant accounts with a payment gateway, for which they use money mules and stolen identities. They also set up fake websites to get the payment gateways to approve their accounts. Once they obtain a merchant account, they must quickly make transactions with the stolen cards before they’re detected by anti-fraud systems.
The Voxis Platform helps increase the chances of having the fraudulent charges authorized by emulating human behavior and buying patterns.
“Taking advantage of fraudulently obtained merchant accounts, bad actors can use speed to automate and load cards to be charged for pre determined amounts at predetermined times, all with the goal of sliding under fraud detection systems,” IntelCrawler said in a blog post.
The authors of the Voxis Platform claim their solution can use a total of 32 payment gateways, including Coinbase, MultiSafepay, PayPal, WorldPay, and Stripe.
“The list of fully supported payment gateways includes some famous payment processing companies, which if exploited, may incur compliance issues, AML regulations issues, and chargeback concerns for the merchants and their respective acquiring banks,” IntelCrawler noted.
One interesting feature of the platform is called “Autofill Missing Info.” The feature uses the API from the people search engine Pipl.com to automatically fill in cardholder information that might be missing.
Tens of millions of credit and debit cards have been stolen recently and experts say this has created a demand on the underground market for methods that can be used to monetize the data quickly. Researchers have noticed that cybercrime groups pool their programming resources to create tools.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
Latest News
- Germany Appoints Central Bank IT Chief to Head Cybersecurity
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
