Distil Networks researchers reported the appearance of the GiftGhostBot botnet. Specialists say that GiftGhostBot has existed since February 26th, 2017 and that its main goal is gift card fraud.
GiftGhostBot targeted an array of websites that accept gift cards. Most of the victims are eCommerce websites. Such sites expose an endpoint that interacts with the organization that issued the cards.
The botnet was used to carry out brute-force attacks against those endpoints. The average speed of an attack was 1.7 million guesses per hour, in some cases reaching 4 million guesses per hour. According to the researchers' data, they were able to detect the activity of 6,400 unique devices and 20,900 IP addresses. The botnet was also able to work with JavaScript, so the bots could mimic the behaviour of ordinary users while distributing themselves across hosts, data centers and mobile operators.
Once the attackers received an answer from the endpoint, they knew that the card number existed and that it had money on it. As a result, they could use it to purchase goods or sell the numbers on the Darknet. Distil Networks analysts said nothing about the number of compromised gift cards. It is only said that 1000 websites suffered from this botnet.
Distil Networks experts recommend that owners of websites that accept gift cards add CAPTCHA to their pages. By doing so, they can limit the number of requests.
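
Because the guesses are spread over thousands of IP addresses, a per-IP request limit sees very little; the share of invalid lookups across the whole balance-check endpoint is the clearer signal. The following is an added example, not code from Distil Networks or the original article, that flags such time windows in a constructed log; the log format, the endpoint path and the thresholds are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

BALANCE_PATH = "/giftcard/balance"  # assumed endpoint path
WINDOW_S = 60                       # assumed bucket size in seconds
MIN_LOOKUPS = 20                    # assumed: skip windows with too little traffic
MAX_INVALID_RATIO = 0.5             # assumed: customers rarely mistype this often
EPOCH = datetime(1970, 1, 1)

def parse(line):
    """'<iso-time> <ip> <path> <card-token> <valid|invalid>' -> record or None."""
    p = line.split()
    if len(p) != 5 or p[2] != BALANCE_PATH or p[4] not in ("valid", "invalid"):
        return None
    return datetime.strptime(p[0], "%Y-%m-%dT%H:%M:%S"), p[1], p[4] == "invalid"

def suspicious_windows(lines):
    """Flag windows where invalid lookups dominate across the whole endpoint."""
    buckets = defaultdict(list)
    for ts, ip, invalid in filter(None, map(parse, lines)):
        buckets[int((ts - EPOCH).total_seconds()) // WINDOW_S].append((ip, invalid))
    flagged = []
    for key in sorted(buckets):
        recs = buckets[key]
        bad = sum(invalid for _, invalid in recs)
        per_ip = Counter(ip for ip, _ in recs)
        if len(recs) >= MIN_LOOKUPS and bad / len(recs) > MAX_INVALID_RATIO:
            flagged.append({
                "start": (EPOCH + timedelta(seconds=key * WINDOW_S)).isoformat(),
                "lookups": len(recs), "invalid": bad, "distinct_ips": len(per_ip),
                "max_per_ip": max(per_ip.values()),  # stays low when guesses are spread out
            })
    return flagged

def sample_log():
    """Constructed sample: quiet customer traffic, then a burst spread over 40 IPs."""
    lines = [f"2017-03-01T10:00:{s:02d} 198.51.100.{s} {BALANCE_PATH} tok{s} valid"
             for s in (5, 20, 41)]
    lines.append(f"2017-03-01T10:00:50 198.51.100.9 {BALANCE_PATH} tok9 invalid")
    for i in range(40):  # one guess per address, so a per-IP limit never fires
        result = "valid" if i == 17 else "invalid"
        lines.append(f"2017-03-01T10:01:{i:02d} 203.0.113.{i + 1} {BALANCE_PATH} guess{i} {result}")
    return lines

if __name__ == "__main__":
    for window in suspicious_windows(sample_log()):
        print(window)
```

A flagged window is a natural trigger for requiring the CAPTCHA on balance checks.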