Distil Network researchers reported the appearance of a GiftGhostBot botnet.Specialists say that the GiftGhostBot exists since February 26th, 2017 and that its main goal is gift cards fraud.
GiftGhostBot aimed at an array of websites that accept gift cards. Most of the victims are eCommerce websites. Such resources support end point to interact with the organization that issued the cards.
Once the attackers received an answer from the end point they new that that card number exist and that it had money on it . As a result, they could use it to purchase goods or or sell the numbers on the Darknet. Distil Network analysts said nothing about the amount of compromised gift cards. It is only said that 1000 websites suffered from this botnet.
Distil Network experts recommend owners of websites that accept gift cards to add CAPTCHA to their pages. By doing so, they can limit the amount of requests.