Morphixx Malvertising Credit Card Scam Attacks Japan, Europe, and the US
Morphixx Malvertising Credit Card Scam is a part of a Global Malicious Ad Campaign to Steal Credit Card Numbers and Potentially Generating $5 – 10 Billion in Duplicitous Credit Card Charges Globally
GeoEdge security research team first uncovered the malicious Morphixx credit card scam attack ads in Europe in June, and a full-blown auto-redirect malvertising attack with millions of ad impressions was launched in Japan on August 15th and in the US on September 6th, which was thwarted by GeoEdge.
Even before the COVID-19 pandemic had shown its crisis intensity, we had already predicted that malvertising and dark net data scams would be a complex challenge to identify and thwart in 2020. This year has already been a record year for malicious advertising, with malware attack ads increasing by 85% according to ad security provider GeoEdge.
At the time of this announcement, Liran Lavi, Security Team Lead, GeoEdge SAID:
“The Morphixx malvertising credit card scam was run by an advanced and well-funded group of cybercriminals, judging by the sophistication of the ad implementation and personalization, the timing of the ads for less than 24 hours during the weekend when fewer security employees are working, and the fact that these campaigns have run across so many geographies and time zones.”
Liran added, “These cybercriminals either have a network to monetize the stolen credit cards quickly OR are selling the credit card numbers on the dark web – not things teen hackers typically attempt.”
Liran provides a solution as well.
“The only way to block increasingly sophisticated and payment-based malicious ad attacks like Morphixx is through continuous and real-time advanced malware detection utilizing patented behavioral code technology,” added Liran from GeoEdge.
Identity Theft Lift at 75.4% Between 2017-2019; Credit Card Scams Accounting Over One-Third of Cases
Research from the Federal Trade Commission shows that identity theft has increased by 75.4% between 2017 and 2019 with credit card scams accounting for 41.8% of the reported incidences of identity theft. And this is before accounting for the increase in 2020 as a result of COVID-19 and the laxer security resulting from more users working from home.
As these numbers attest, credit card scams have become big business. According to cyber intelligence firm Sixgill, in the first half of 2019, there were 23 million credit and debit card numbers for sale in the dark web, with 15 million of those American cards.
This has enticed multinational cybercriminal organizations to invest resources to develop and implement digital advertising-based credit card scams. The global nature and sophistication of the Morphixx malvertising attacks indicate that the perpetrators aren’t teens in their basement. And the increased digitization of payments will undoubtedly be met with a significant increase in malvertising attacks involving payment solutions.
Number of Ad Impressions Increased Dramatically Targeting Users in the UK, Italy, Switzerland
On June 23rd, the Morphixx campaign ads were first noticed in Europe, in low volumes, and without the malicious payload. The malicious advertisers inserted keywords like ‘Adidas’ into the ad’s URL as a distraction to gain the trust of the ad networks which ran the campaign, making malicious detection more difficult (than when campaigns are run from private servers instead of known ad networks). Because the ads ran via known ad networks, they appeared on popular and trusted websites.
How Morphixx Malvertising Credit Card Scam Works, in Chronology?
On June 28th, the number of ad impressions increased dramatically targeting users in the UK, Italy, Switzerland, and other countries based on their IP address with the malicious payload, according to security researchers at GeoEdge. From the initial Adidas ad, users were auto-redirected to a malicious fake ad in the colors, logo, and language of each user’s Internet Service Provider (ISP) asking them to complete a short survey.
Upon completion of the survey, a congratulatory message was triggered announcing that each user won a free mobile phone for which they must submit their email and credit card details.
This is where innocent users fell pretty to the malvertising scam.
How Malvertisers Avoid Detection!
To avoid detection, the malvertisers behind Morphixx implemented a fingerprinting process to avoid detection mechanisms by loading a creativeJS file which allows the project to be downloaded quickly and cached across different sites using the same version of libraries. Next, the malicious script is loaded – an obfuscated script to set up the URL for the initiation of the redirect script.
How GeoEdge Found Out the Morphixx Malvertising Credit Card Scam
Security researchers at GeoEdge, utilizing the company’s patented behavioral code analysis technology, content and deep landing page analysis and advanced malware detection, uncovered the Morphixx Malvertising Credit Card Scamz in Europe. The landing page with prizes and comments from 127 people, many including profile pictures, highlights the sophistication of the Morphixx malvertising efforts.
Given the elaborate personalization of the content, including branding from the user’s ISP, the percent of users who fall victim to such a scam can be as high as 1 – 2%, according to GeoEdge.
The campaign in Japan, also detected by GeoEdge’s security research team, was identical, indicating that both efforts are from the same cybercriminal organization. The number of ads served in Japan was greater than in Europe, undoubtedly influenced by the fact that Japan is s cyber-secure country and users tend to be more trusting than in Europe or North America.
On Sunday, September 6th, in the early morning hours, the Morphixx malicious credit card scam struck in the US, according to GeoEdge’s security research team.
Currently, GeoEdge is the premier provider of ad verification and transparency solutions for the online and mobile advertising ecosystem. The company’s mission is to protect the integrity of the digital advertising ecosystem and to preserve a quality experience for users.
Comments are closed, but trackbacks and pingbacks are open.