{"id":57312,"date":"2024-10-04T23:44:05","date_gmt":"2024-10-04T23:44:05","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/"},"modified":"2024-10-04T23:44:05","modified_gmt":"2024-10-04T23:44:05","slug":"big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/","title":{"rendered":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks"},"content":{"rendered":"<p><span class=\"label\">Updated<\/span> Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers&#8217; payment card info as they order stuff online.<\/p>\n<p>CosmicSting is the name for a critical vulnerability, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-34102\">CVE-2024-34102<\/a>, in Adobe&#8217;s Commerce and Magento software, and can be used to tamper with the pages of sites so that user data can quietly siphoned.<\/p>\n<p>At least seven cybercrime gangs are said to be behind the ongoing cyber-heists exploiting CosmicSting. Over the summer here in the northern hemisphere, the crooks managed to hit 4,275 merchants that use Commerce and Magento to run their online shops, eCommerce monitoring firm Sansec <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sansec.io\/research\/cosmicsting-fallout\">reported this week<\/a>. That&#8217;s apparently five percent of all Adobe Commerce and Magento stores.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>We&#8217;ve asked Sansec and the above-named victims for more details, and to determine whether they&#8217;ve been able to patch their websites yet.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p><em>The Register<\/em> <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/09\/06\/cisco_merch_adobe_magento_attack\/\" rel=\"noopener\">spoke with Cisco<\/a> last month, shortly after miscreants exploited CosmicSting to attack Switchzilla&#8217;s Magento-based merch site, and a spokesperson assured us the security weakness had been addressed. &#8220;Based on our investigation, the issue impacted only a limited number of site users, and those users have been notified,&#8221; the Cisco spokesperson said. &#8220;No credentials were compromised.&#8221;<\/p>\n<p>For what it&#8217;s worth, CosmicSting can be exploited to not just steal card info, if available, but any information from a compromised site&#8217;s page, such as customer login credentials and data.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Adobe&#8217;s Commerce and Magento is widely used by online shopping sites, and thus attract crooks wanting to intercept and steal data from shoppers so that it can be used for fraud. Because of this, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/08\/11\/magento_shopping_cart_attack_targets\/\" rel=\"noopener\">Magento-targeting exploits<\/a> are collectively labeled Magecart attacks. Adobe Commerce is essentially powered by Magento, which the Photoshop giant <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2018\/05\/22\/adobe_acquires_magento\/\" rel=\"noopener\">bought<\/a> in 2018 for $1.68 billion.<\/p>\n<p>Getting down to details: CVE-2024-34102 is a 9.8-out-of-10 CVSS-rated unauthenticated XXE (XML External Entity) vulnerability that can be <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.vicarius.io\/vsociety\/posts\/cosmicsting-critical-unauthenticated-xxe-vulnerability-in-adobe-commerce-and-magento-cve-2024-34102\">exploited<\/a> to ultimately alter webpages served by vulnerable Adobe Commerce and Magento deployments.<\/p>\n<p>In the case of these aforementioned attacks, the crooks use CosmicSting to add malicious JavaScript to checkout pages to steal customers&#8217; payment information as they type it in, or alter other pages to take other data. It was discovered and reported by <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/spacewasp\/public_docs\/blob\/main\/CVE-2024-34102.md\">Sergey Temnikov<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>CVE-2024-34102 can be optionally combined with the high-severity <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.ambionics.io\/blog\/iconv-cve-2024-2961-p1\">CVE-2024-2961<\/a> \u2013 a glibc buffer overflow that&#8217;s accessible on Linux from PHP \u2013 to achieve remote code execution on a vulnerable Commerce or Magento server host. That latter flaw can be used to install a backdoor on the machine for persistent access.<\/p>\n<p>Adobe <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb24-40.html\">patched<\/a> CVE-2024-34102 on June 11, but by then &#8220;<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sansec.io\/research\/cosmicsting#timeline\">automated attacks<\/a> had already begun,&#8221; according to Sansec.<\/p>\n<p>At least seven distinct groups are running &#8220;large scale&#8221; CosmicSting campaigns, in which they use the flaw to obtain secret Magento keys from installations to generate tokens that grant unrestricted access to the Magento API, allowing sites to be edited.<\/p>\n<p>With Magecart attacks, the first criminals to compromise a site will usually block others from moving in on their turf. &#8220;However, the CosmicSting vulnerability prevents this, leading to multiple groups fighting for control over the same store and evicting each other again and again,&#8221; the Sansec forensics team noted.<\/p>\n<p>In some cases, three different gangs were spotted squabbling over the same store, we&#8217;re told.<\/p>\n<p>As part of its ongoing analysis, Sansec has collected different CosmicSting loaders, each associated with different infrastructure and data-stealing methods, and published a full list of <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sansec.io\/research\/cosmicsting\/#attack-attribution\">attack indicators<\/a>, which is worth checking out, especially if you operate an online Magento shop.<\/p>\n<p>Despite the ongoing warnings, &#8220;Sansec projects that more stores will get hacked in the coming months,&#8221; the researchers wrote. \u00ae<\/p>\n<h3 class=\"crosshead\">Updated to add at 2245 UTC<\/h3>\n<p><em>The Register<\/em> heard back from Sansec and Ray Ban post publication, and it appears the online stores are taking steps to prevent more CosmicSting attacks.<\/p>\n<p>For the most part, anyway.<\/p>\n<p>The sunglasses slinger did not answer our questions, and instead gave us the usual, \u201cwe take security very seriously,&#8221; spiel. That said, according to Sansec, Ray Ban did patch its systems on October 3.<\/p>\n<p>\u201cNational Geographic still infected,\u201d we&#8217;re told, while \u201cthe others fixed it in the last couple weeks after we notified them.&#8221;<\/p>\n<p>Of the 4,275 merchants, about half removed the malware, we\u2019re told. \u201cHowever we cannot tell if they actually cycled their keys,&#8221; the researchers noted. &#8220;If not, they will likely get reinfected within days.&#8221;<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/10\/04\/cisco_ray_ban_whirpool_cosmicsting_hack\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gangs hit 5% of all Adobe Commerce, Magento-powered stores, Sansec says Updated\u00a0 Ray-Ban, National Geographic, Whirlpool, and Segway are among thousands of brands whose web stores were reportedly compromised by criminals exploiting the CosmicSting flaw in hope of stealing shoppers&#8217; payment card info as they order stuff online.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-57312","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-04T23:44:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Big brands among thousands infected by payment-card-stealing CosmicSting crooks\",\"datePublished\":\"2024-10-04T23:44:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/\"},\"wordCount\":746,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/\",\"name\":\"Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-10-04T23:44:05+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_specialfeatures\\\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Big brands among thousands infected by payment-card-stealing CosmicSting crooks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/","og_locale":"en_US","og_type":"article","og_title":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-10-04T23:44:05+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks","datePublished":"2024-10-04T23:44:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/"},"wordCount":746,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/","url":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/","name":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-10-04T23:44:05+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_specialfeatures\/cybersecuritymonth&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZwNUAQMXSkSISX8kuVNOKgAAAAI&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/big-brands-among-thousands-infected-by-payment-card-stealing-cosmicsting-crooks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Big brands among thousands infected by payment-card-stealing CosmicSting crooks"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57312"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57312\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}