Enlarge /. Computer hacker character stealing money online. Vector flat cartoon illustration
If you're looking for a new mobile phone plan in the market, don't look to Boom! Cell phone, mobile phone. That is, unless you don't mind that your sensitive payment card information is sent to criminals in an attack that has been going on for the past few hours.
According to researchers at the security company Malwarebytes, Boom! Mobile's boom.us website is infected with a malicious script that scans payment card details and sends them to a server controlled by a criminal group. Researchers have named Fullz House. The malicious script is called by a single line that contains mostly nonsense characters when viewed with the human eye.
"This skimmer is pretty noisy as it filters out data every time it detects a change in the fields displayed on the current page," the Malwarebytes researchers wrote in a post published Monday. "From a network traffic perspective, you can see each leak as a single GET request with the data encoded in Base64."
Scrambling the data into Base64 strings hides the real content. Decoding the strings is trivial and is done once the members of the Fullz house receive it.
How exactly the vicious line was added to the boom! Website is not clear. As Malwarebytes discovered, this site security scan by security firm Sucuri shows Boom.us is running PHP 5.6.40, a version that has been deprecated as of January 2019 and has known security vulnerabilities. It is possible that an attacker could have found a way to exploit one or more PHP vulnerabilities, but there could also be other explanations.
The name Fullz House is an allusion to Fullz, which stands for the full or full details of a credit or debit card. A fullz usually contains the full name and billing address of the owner. Card number, expiration date and security code; and often a social security number and date of birth. A fullz sells much more than just partial information in underground markets. Malwarebytes said it had seen Fullz House before.
People considering purchasing a new phone plan should contact Boom! Keep away, at least until the skimmer script is removed. The virus protection from Malwarebytes and some other providers also warns you when users visit a website that is infected with one of these skimmers. Boom! Representatives have not responded to messages asking for a comment on this post.