Operation Huyao Phishes Financial Details of Shopping Sites

Today researchers with Trend Micro published a report on a new phishing technique, known as the Huyao Operation, which utilized a fresh take on one of the oldest scams in the book.

Rather than replicating entire pages to lure in would-be shoppers, Huyao takes a new approach, injecting proxy-based input boxes that can record a user’s credit card information from inside the checkout system on the website itself.

“We’ve found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims.

This technique we found allows for the creation of nearly perfect copies – because the attacker no longer needs to create a copy of the site at all. Instead, the phishing page only contains a proxy program, which acts as a relay to the legitimate site. Only when any information theft needs to be carried out are any pages modified. The owners of the legitimate site would find it very difficult to detect these attacks against their customers.”


This is a highly inventive and very concerning way to glean customers’ financial information from popular web portals, and it could prove exceedingly difficult for standard detection methods to catch, considering the angle of attack.

As the holiday season ramps up, you can expect to see more of these kinds of threats popping out of the cracks, eager to take advantage of the shopping frenzy and fool people into having their information stolen during the most inconvenient time of the year.

Phishing attacks are certainly nothing new to the world of online purchasing during Christmastime, but with POS hacks becoming all the rage last year (the most serious of which made off with most of their payload during the vital months of November and December), it’s likely that consumers will be sticking to holiday hubs like Amazon in the hopes that their debit card data stays protected.

Hackers know how to take people’s worst fears and twist them to their advantage, so whenever you’re planning to make a big buy online, be sure to always double-check the URL and have some sort of browser-scanning antivirus software installed that can protect you in case you accidentally navigate to an unrecognized site.

So far, Trend Micro says they’ve only detected one instance of Huyao in the wild, on a little-known Japanese site that mainly sells small electronics and gadgets. With that in mind, this first detection could simply be a proof of concept, and if successful, it has the potential to catch the eye of larger criminal organizations and quickly snowball out of control if the security community doesn’t react in time.

“So far, we have only identified this attack targeting one specific online store in Japan. However, if this attack becomes more prominent, it could become a very worrying development: this makes phishing harder to detect by end users, as the phishing sites will be nearly identical to the original sites.”