Black Friday Threat Alert: Popular Online Retailers Among Top Targets for Data-Stealing Malware in 2018

Woburn, MA – November 15, 2018 – As the holiday shopping season begins, new research from Kaspersky Lab shows that banking Trojans are actively targeting customers of popular consumer brands, stealing login credentials and other personal information through retail sites. Kaspersky Lab technologies detected 9.2 million attempted attacks on online shops in Q3 2018 – a dramatic shift compared to 11.2 million attack attempts throughout all of 2017. Online shoppers in the U.S., Italy, Germany, Russia and emerging markets appear to be particularly at risk.

Traditionally, banking Trojans mainly target users of online financial services, as cybercriminals hunt for banking or payment data to steal. Over time, several of these banking Trojans have enhanced their functionality and reach to target online shoppers, attempting to steal their data, or even obtain root access to their devices. With online shopping sales in the U.S. expected to eclipse $5 billion on Black Friday, cybercriminals will be taking advantage of this season to target a massive pool of potential victims.

The main malware families stealing personal data through e-commerce brands are Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye. In particular, detections for SpyEye are expected to be up 34 percent year over year. These Trojans target well known e-commerce brands to hunt for user information, such as logins, passwords, payment details, phone numbers and more. They seize the data from victims by intercepting input data on target sites, modifying the online page content, and/or redirecting visitors to phishing pages.

The research found that half (50%) of the brand names targeted by the detected malware families are established consumer brands, including fashion, footwear, jewelry, gifts, toys and department stores, followed by consumer electronics brands (12%) and entertainment/gaming brands (12%). Overall, Kaspersky Lab uncovered 14 malware families targeting a total of 67 consumer e-commerce sites. 

Of these malware families, Betabot was found to be targeting 46 different brands, including 16 different consumer apparel brands, four consumer electronics brands and eight entertainment/gaming brands, with the most users affected in Italy, Germany, Russia and India. Gozi was found to be targeting 36 brands, including 19 consumer apparel and three consumer electronics brands, with most affected in Italy, Russia, Brazil and France.

The researchers also discovered more than three million sets of e-commerce credentials up for sale on a marketplace easily accessible through a Google search. Sellers charge the highest prices for what appear to be hacked merchant accounts – those used by small businesses to sell their goods and services and manage online payments. 

“Credential-stealing banking malware is nothing new; however, the existence of families hunting for data related to online shopping accounts is perhaps more unexpected,” said Yury Namestnikov, principal security researcher, Kaspersky Lab Global Research and Analysis Team. “If your computer is infected with one of the listed Trojans, then criminals are able to steal payment card details when you enter them on a shop’s website. After that, it is easy for a hacker to get to your money through a compromised credit card. As we come into the busiest online shopping season of the year, we urge consumers and retailers to be extra vigilant about their security, and to check and double check the integrity of websites before entering or downloading any data.” 

Kaspersky Lab recommends that consumers take the following steps to stay safe when shopping online this holiday season:

• Install a comprehensive security solution on all devices that you use to shop online.
• Avoid buying anything online from websites that look potentially dangerous, or which resemble an incomplete version of a trusted brand’s website.  
• Don’t click on unknown links in email or social media messages, even from people you know, unless you were expecting the message.

Furthermore, Kaspersky Lab recommends the following tips for individuals or small businesses selling merchandise online: 

• Use a reputable payment service and keep your online trading and payment platform software up-to-date. 
• Use a tailored security solution to protect your business and customers.  
• Pay attention to the personal information used by customers to buy from you. Use a fraud prevention solution that you can adjust to suit the needs of your company and customers.
• Carefully consider how much money you are keeping in an online payment transaction account at any one time. The greater the balance, the higher the value of that account to hackers.
• Restrict the number of attempted transactions customers can make, and always use two-factor authentication (verified by Visa, MasterCard Secure Code, etc.). 

The research is based on data obtained with user consent and processed using the Kaspersky Security Network (KSN). All malware belonging to the banking Trojans covered in the report are detected and blocked by Kaspersky Lab security solutions.

Further information on the research and a copy of the report, “Buyer Beware: Cyber-Threats Targeting e-Commerce, 2018,” can be found on Securelist.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com