A credit card stealing service is gaining traction, providing a simple and automated option for low-skilled threat actors to enter the realm of financial fraud.
How Do Credit Card Skimmers Work?
Credit card skimmers stand for malicious programs that are put into compromised e-commerce websites and wait patiently for clients to purchase something on that website.
Following a purchase, these malicious programs capture credit card information and transport it to remote sites, where hackers can collect it.
These stolen cards will be further used by cybercriminals to make online purchases for themselves or the credit card info end up on sale on dark web markets.
Caramel Credit Card Theft: More Details
Domain Tools found the new service, which claims that it is run by a Russian criminal outfit called “CaramelCorp.”
CaramelCorp is a Russian-language credit card skimming service with a significant cybercrime forum presence. They appear to screen prospective customers carefully and are reluctant to interact with non-Russian speakers. Like other cautious cybercrime services, CaramelCorp appears to use fluency and familiarity with modern idiomatic language and cultural references as an initial vetting mechanism. Further, CaramelCorp generally refuses to sell licenses to inexperienced carders, likely in order to mitigate potential exposure arising