Holiday shoppers beware: Multiple malware families actively hunting for data ahead of Black Friday

  • Online shoppers are currently being targeted by around 14 malware families, including Zeus, Betabot, IcedID, and more.
  • The malware variants have been observed targeting at least 67 online shopping sites.

Holiday shopping can be extremely stressful, which is why a majority of people have begun shopping online. While online shopping can offer convenience and can be a time-saver, there are some risks involved. For consumers, online shopping can be a boon, but for cybercriminals, it offers an opportunity.

Security experts have observed an uptick in the activities of several malware variants just ahead of Black Friday. Around 14 malware families have been discovered targeting online holiday shoppers.

Banking malware variants such as Betabot, Panda, Gozi, Zeus, Chthonic, TinyNuke, Gootkit2, IcedID and SpyEye have been seen targeting at least 67 online shopping sites. Researchers at Kaspersky Labs believe that the malware authors use the e-commerce site to hunt for users’ login credentials, card details, phone numbers and more.

“The 14 malware families were found to be targeting a total of 67 consumer e-commerce sites between them. This includes 33 ‘consumer apparel’ sites (clothing, footwear, gifts, toys, jewelry, and department stores), eight consumer electronics sites, eight entertainment and gaming sites, three popular telecoms sites, two online payment sites, and three online retail platforms, among others,” Kaspersky Labs researchers said.

These malware families could allow cybercriminals to harvest massive amounts of personal data, which they could later sell on the dark web.

“At such a crucial shopping time of year, retailers must proactively convince consumers that their digital shopping experience is secure. In fact, security should be leveraged as a selling point to demonstrate that customer data safety takes priority over sales on Black Friday,” Radware researchers said in a report.