Security researchers have uncovered a sophisticated information-stealing fraud network that lures victims to fake web shops via malicious Facebook ads.
Dubbed “Eriakos” after the content delivery network (CDN) used by the threat actor, the campaign exclusively targets mobile devices and users, with the scam websites only accessible via malvertising in order to evade security scanners, said Recorded Future.
The threat intelligence specialist claimed to have discovered 608 fraudulent e-commerce websites under the control of a single actor or group.
“Merchant accounts and related domains linked to the scam websites are registered in China, indicating that the threat actors operating this campaign likely established the business they use to manage the scam merchant accounts in China,” the report explained.
“The scam campaign was designed to steal victims’ funds, card data, and PII through transactions with linked merchant accounts. The scam e-commerce websites we identified combined brand exploitation with time-sensitive offers, likely to create a sense of urgency among victims.”
Read more on e-commerce scams: Fake Online Stores Scam Over 850,000 Shoppers
The threat actor sends out dozens of ads related to a single scam website, so that even if some are blocked by Facebook’s filters, others reach their victims.
“The short life of the actual scam domains suggests the ad campaigns were likely also designed to be short-lived, indicating their operators’ intention to attract and defraud their victims quickly. This tactic is more likely to be effective when scam advertising campaigns are operated at scale, as was the case for this campaign,” Recorded Future explained.
“The concurrent presence of over 100 ads for a single scam website domain on the same platform is likely to attract victims to the linked domains whether or not the ads are detected and blocked in a timely manner.”
According to the report, the campaign impersonates two popular brands: a major online e-commerce platform and a power tools manufacturer.
Although it’s unclear when it first emerged, Eriakos was discovered on April 17 and persists to this day.