Popular retail sites spoofed to pilfer payment details

Thousands of phishing sites masquerading as websites belonging to Apple, Nordstrom, Michael Kors, PayPal, and other retailers have been used by suspected Chinese threat actors to compromise payment details as part of an ongoing months-long global attack campaign, according to The Record, a news site by cybersecurity firm Recorded Future.

Attacks part of the campaign, which was initially discovered by Mexican journalist Ignacio Gomez Villaseñor in May, involved malicious websites with fraudulent checkout pages and scraped product listings that facilitate the exfiltration of card data, a report from Silent Push showed. Additional details regarding the scheme's impact remains uncertain but the campaign remains very much active despite a crackdown on many of the websites, said Silent Push. Such a development comes after a spate of cyberattacks against the retail sector, with Victoria's Secret disclosing an internal systems interruption following a May breach. Similar data breaches have also been reported by Tiffany & Co., Adidas, Cartier, and Dior.