A large-scale webshop fraud operation, nicknamed “BogusBazaar,” has reportedly stolen credit card details from over 850,000 unsuspecting victims across the United States and Europe.
According to a report by the German cybersecurity firm Security Research Labs GmbH (SRLabs), The criminal enterprise is believed to have functioned through a network of over 75,000 fake online stores. These shops were designed to appear legitimate, often featuring common names, logos, and enticing deals, particularly on clothing and footwear.
The fraudulent websites likely harvested credit card information during the checkout process. Estimates suggest millions of stolen credit card details were placed up for sale on dark web marketplaces, enabling other cybercriminals to misuse the financial data. Additionally, BogusBazaar attempted to process fraudulent orders totaling around $50 million.
“The group has adopted an ‘infrastructure-as-a-service’ model: A core team is responsible for infrastructure management, while a decentralized network of franchisees operates fraudulent shops,” reads the SRLabs report.
“The BogusBazaar core team deploys infrastructure and appears to operate only a small number of fake webshops. The core team is responsible for developing software, deploying backends, and customizing various WordPress plugins that support fraud operations.”
While the network initially comprised over 75,000 fake stores, reports indicate a decrease to roughly 22,500 active sites. Law enforcement agencies are likely taking steps to dismantle BogusBazaar completely.
