Fraudsters sign up to credit card skimming ‘subscription service’ for £80 a month

Malware, or malicious software, has been revealed to be helping fuel a shady underworld of bank card theft on the dark web.

Criminals are selling software programs to other criminals that allow them to more easily collect personal card details from unsuspecting victims, often in exchange for “subscriptions” costing as little as £80 a month.

Scammers have also been stealing credit card details using this software, which they then bundle together and sell to other criminals on the dark web.

Details of more than 600,000 bank cards around the world have been leaked online in this way, a new report from cybersecurity firm NordVPN reveals.

And it’s not just card numbers that criminals steal. Worryingly, 99 percent of stolen card profiles also include additional data, such as the victim’s name, computer files and saved credentials, which can be used for other types of fraud.

How do criminals steal card data?

Malware is malicious software designed to infiltrate, damage, or exploit computer systems and networks.

Malware tools, which are often paid for by subscription, are used by criminals to steal information. They work like any other subscription service, in that the criminal pays a fee and receives access to various data-stealing features.

NordVPN cybersecurity expert Adrianus Warmehoven said: “Malware is often used as a weapon of mass infection because the results can spread on a large scale, even to relatively unskilled people.”

Malware-as-a-service is available for purchase for as little as £80 to £120 per month on specialist dark web marketplaces, often found on Telegram.

Malware vendors go the extra mile to help their customers, often providing detailed guidance, user guides, reviews, and dedicated forums where new users can get help.

The malware of choice for criminals is called RedLine. Six out of ten payment cards were stolen using this malware, according to NordVPN.

RedLine is a sophisticated information-stealing program that emerged in March 2020 and quickly became the dominant malware during the pandemic.

Redline primarily infiltrates devices via phishing emails, exploiting weaknesses in other software programs, misleading advertisements, and compromised public USB ports.

Warmehoven said: “RedLine is one of the most popular malware-as-a-service tools globally and our research has found that it is being used by cybercriminals in the UK. It is an easily accessible and relatively inexpensive tool for criminals of all technical abilities.

‘The National Cyber ​​Security Centre, the UK’s national cybersecurity agency, identifies RedLine Stealer as a significant threat, highlighting its popularity and ease of use.

‘RedLine Stealer specifically targets login credentials, credit card information, and other sensitive data. This stolen information can then be directly used to make fraudulent online purchases, making it a valuable tool for CNP fraud.’

Card data stolen via Redline is then put up for sale on various channels, including Telegram and dark web marketplaces.

Criminals can purchase these card details in bulk or individually, depending on the level of information available. Cards with additional information are in higher demand and are likely to sell out quickly.

Stolen data is sold and used at incredible speed, often within hours. Criminals know that the faster they exploit stolen payment card data, the greater the likelihood that their fraudulent transactions will be carried out.

Having someone’s credit card details can also enable other types of fraud. For example, if a fraudster had someone’s credit card details and phone number, they could call them and convince them that they are calling from their bank, before persuading them to transfer cash to them in an authorised automatic payment scam.

Which credit cards do scammers choose?

More than half of the 600,000 cards were Visa, a third were Mastercard, while 1 percent were American Express, NordVPN found.

All payment cards are at risk of theft, and Visa cards are the most likely to be stolen because more people use them.

A Visa spokesperson said: “Visa’s unwavering commitment to security has kept fraud at historic lows and our continued investment in fighting fraud and enhancing security delivers tremendous benefits to consumers and businesses.

‘We maintain active awareness of any cyber and fraud threats as we monitor the dark web, continually looking for indicators of attacks associated with such threats.

‘We work with our partners and customers globally to protect the network against a wide range of cyber and fraud threats. As part of this, we work closely with our client banks to educate and inform cardholders about the dangers of fraud and malicious actors is also a key part of this activity.

Mastercard is currently working with banks, fintech companies and merchants to phase out manual card entry for e-commerce in Europe by 2030, in favour of a single-click button that will work on any online platform.

It has created ‘tokenization’ as a way to protect customers’ card data, which replaces the 16- to 19-digit card number with a randomly generated one.

Instead of passing your actual 16-digit card number to a store, you pass a tokenized number that is unique to you, the transaction, and the merchant.

This makes any stolen card data effectively useless to hackers.

Mastercard now uses generative artificial intelligence to quickly detect when criminals are using stolen debit and credit card data.

Visa has also been using AI to analyze billions of historical banking transactions for signs of fraudulent activity.