Connect with us

Hi, what are you looking for?



Hackers Inject Skimmer Into Boom! Mobile’s Website

Hackers associated with the “Fullz House” group have compromised the website of Boom! Mobile and planted a web skimmer, Malwarebytes reports.

Hackers associated with the “Fullz House” group have compromised the website of Boom! Mobile and planted a web skimmer, Malwarebytes reports.

The victim, an Oklahoma-based wireless services provider, claims to deliver great customer service and transparency to its users, all without contract. The mobile phone plans it sells work on other big networks in the country.

Initially detailed in November 2019, Fullz House has been active for over a year, focused either on phishing for personally identifiable information, banking credentials, and banking card data, or on skimming or phishing card data from ecommerce sites.

The two parts forming this group’s activity are split, but security researchers did observe in the past overlaps in infrastructure (including overlaps between the infrastructure used for sales operations and that employed for stealing data).

The attack on Boom! Mobile, Malwarebytes reveals, involved the injection of one line of code containing a Base64 encoded URL designed to load a JavaScript library from a remote domain used in a previous attack.

The injected URL, Malwarebytes’ security researchers say, loads a fake Google Analytics script which is nothing more than a credit card skimmer designed to find specific input fields and exfiltrate data from those fields.

“This skimmer is quite noisy as it will exfiltrate data every time it detects a change in the fields displayed on the current page. From a network traffic point of view, you can see each leak as a single GET request where the data is Base64 encoded,” the researchers explain.

Malwarebytes also explains that the attackers have registered a large number of new domains in late September, a pattern that the group has followed before. The group has been active over the summer as well.

Advertisement. Scroll to continue reading.

Boom! Mobile’s website is running PHP version 5.6.40 (which reached end of support in January last year) and this, or a vulnerable plugin, might have been the point of entry, Malwarebytes notes.

The security firm also says that it reported the incident to the wireless services provider both via live chat and email, but hasn’t heard back and the compromise hasn’t been addressed yet, meaning that Boom! Mobile customers continue to be at risk.

“While Magecart attacks typically target e-commerce retailers, any business collecting credit card numbers and other personal information online is vulnerable. Shadow Code vulnerabilities lurk in third-party and open source libraries commonly used in web applications. Businesses must ensure they have continuous visibility into client-side scripts on their websites in order to detect and stop such digital skimming attacks,” Ameet Naik, security evangelist at PerimeterX, said in an emailed comment.

Related: Magecart Group Hits 570 Websites in Three Years

Related: Hunting for Magecart With

Related: Magecart Attacks on Claire’s and Other U.S. Stores Linked to North Korea

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights