Distil Networks, a cybersecurity firm, says the botnet, nicknamed GiftGhostBot, has started attacks on February 26. The operators of this botnet aimed their attacks at the infrastructure embedded in some of the targeted websites, most of which are online stores. These websites allow their customers to buy products with gift cards, and support end points for interacting with the card's issuer. Operators of the GiftGhostBot botnet launch brute-force attacks against these endpoints. Their attacks rely on querying random gift card numbers. If the endpoint responds, this means the card is valid and holds more or fewer funds. Distil Networks says the attackers use, on average, over 6,400 unique device fingerprints per hour. To stop GiftGhostBot attacks, Distil experts recommend that website owners implement a captcha system or add a rate limit for "Check-your-Gift-Card-Balance" pages/requests. Gift card owners should contact authorities if they discover that their gift card was wrongly used.