Gemini company logo

Gemini Advisory Blog

September 20, 2022
Threat Actors Continue to Abuse Google Tag Manager for Payment Card e-Skimming

Editor’s Note: Click here to download the report as a PDF. This report from the Recorded Future® Payment Fraud Intelligence module builds on our earlier reporting on Google Tag Manager (GTM) abuse and provides an updated overview of how threat actors abuse GTM containers to conduct Magecart e-skimmer attacks. The intended audience is law enforcement […]

Read more
July 26, 2022
Bots for Stealing One-Time Passwords Simplify Fraud Schemes

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. This report details how one-time password (OTP) bypass bots work, how they fit into existing fraud schemes, and the threats they pose to individuals and financial institutions. The report […]

Read more
July 18, 2022
Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants

Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. Threat actors infect e-commerce websites with Magecart e-skimmers to steal online shoppers’ payment card data, billing information, and personally identifiable information (PII). To counter this threat, Recorded Future’s Magecart […]

Read more
May 4, 2022
Russian Invasion of Ukraine and Sanctions Portend Rise in Card Fraud

This report analyzes technical, political, and socioeconomic factors contributing to the scale of card fraud conducted by Russia-based threat actors within the context of the Russian invasion of Ukraine. The sources for this report are Russian-language dark web forums and Telegram channels, information provided by the Ukrainian government, and open-source reporting. The intended audience of […]

Read more
January 26, 2022
Gemini Annual Report 2021: Magecart Thrives in the Payment Card Fraud Landscape

01/26/2022 Key Findings The underground payment card economy in 2021 saw new tactics enable new attack vectors, raising certain fraud schemes to higher prominence, such as attacks leveraging Google Tag Manager (GTM) and WebSockets, the Skimmer-as-a-Service model, and card checker innovations.  The levels of Card Present (CP) records offered for sale on the dark web […]

Read more
January 13, 2022
FIN7 Uses Flash Drives to Spread Remote Access Trojan

01/13/2022 Executive Summary Recorded Future analysts continue to monitor the activities of the FIN7 group as they adapt and expand their cybercrime operations. Gemini has conducted a more in-depth investigation into these types of attack after a Gemini source provided analysts with the file “sketch_jul31a.ino”, which was linked to FIN7’s BadUSB attacks. The file had […]

Read more

Choose your region:

Choose your state:

Book a Demo
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services

Allow all cookies