The high season of cyber attacks begins

Black Friday begins a great era of consumption where online gains ground

   This weekend begins the Christmas campaign with Black Friday and Cyber ​​Monday, two key dates for consumers around the world. An ideal time for cybercriminals, who try to trick them into gaining control of Internet users' data.

Check Point researchers have recently discovered that hackers have a new way of tricking consumers online through the popular AliExpress portal. With more than 100 million customers and 23,000 million dollars in revenue worldwide, this AliBaba Group company is one of the most popular options to buy online.

The new vulnerability allows cybercriminals to target buyers by sending them a link to AliExpress with malicious Javascript code. When the page is opened, the malware runs in the user's browser and bypasses the portal's protection against cross-site scripting (XSS) attacks. To do this, a redirect vulnerability is used on the web.

In theory, cybercriminals could initiate this attack through a phishing campaign by email, taking advantage of the usual route of AliExpress customers without just telling the user that something strange is happening.

The attackers could then present a pop-up coupon offer on the home screen - running under a subdomain owned by AliExpress - asking customers to provide credit card details to allow for a more convenient and efficient shopping experience. However, they would be taking control of all the victim's bank credentials.

Taking into account the latest reports that cyber attacks to online retailers have doubled since 2016, buyers should be aware that trying to save a few euros can sometimes be very expensive, and stay alert while shopping on the Internet during the season of parties.