Two new carding bots that pose a threat to e-commerce platforms have been detected at the start of the busiest shopping period of the year.
The discovery was made by an eagle-eyed PerimeterX research team, which launched an investigation after the number of cyber-attacks against their own checkout pages surged.
One of the new carding bots, named the canary bot, specifically exploits top e-commerce platforms. The other bot, dubbed the shortcut bot, bypasses the e-commerce website entirely and instead exploits the card payment vendor APIs used by a website or mobile app.
Carding is a brute force attack on a retailer’s website using stolen credit cards or gift cards. Threat actors use carding to mass-verify millions of stolen credit cards and generate a list of valid credit cards.