Distil Networks, a bot detection and mitigation company, has announced that its analyst team has uncovered an Advanced Persistent Bot (APB) that targets gift card payments processes on websites. The bot, named GiftGhostBot, is attempting to defraud consumers from the money loaded on gift cards from a variety of retailers around the globe. Any website, from luxury retailers, to supermarkets, to major coffee distributors, with gift card processing capabilities could be a target. Distil has seen this attack on almost 1,000 customer websites.
Beginning on 26th February 2017, the Distil Networks Security Analyst team noticed increased bot activity on customer websites with gift card processing capabilities. Fraudsters are using malicious automation to test a rolling list of potential account numbers and requesting each balance. If successful in obtaining the balance, fraudsters can resell the account number on the dark web or use them to purchase goods.
“Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment,” says Rami Essaid, CEO of Distil Networks.
“While it is important to understand that retailers are not exposing consumers’ personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage.”
GiftGhostBot has multiple features that confirm it is an APB:
– It is lying about its identity by rotating user-agent strings.
– It is heavily distributed across various hosting providers, mobile ISPs and data centres all over the world.
– It is persistent in that if it is blocked using one technique, it adapts and returns using a different attack technique.
For more on GiftGhostBot click here.