The Danger Behind Santa’s Beard

Santa’s beard is usually white, the colour of purity and innocence. However, cyber-criminals targeting online shoppers enjoying the run up to the Black Friday and Christmas holidays this year could be trying to take advantage of that innocence.


Researchers at Check Point recently discovered that criminals have a new way to trick merry online shoppers via the massively popular AliExpress shopping portal. With more than 100 million customers and $23bn in revenue worldwide, AliExpress, part of the AliBaba Group, is one of the most popular places to shop online.


After discovering the vulnerability, Check Point Researchers immediately informed AliExpress who, due to their very serious approach to cybersecurity, took swift action and fixed it within two days of notification. This is highly commendable and sets an example to other online retailers.


How The Attack Works

The new vulnerability allows criminals to target AliExpress users by sending them a link to an AliExpress web page containing malicious JavaScript code. When the page is opened, the code executes in the user’s web browser; the attack bypasses AliExpress’s protection against cross-site scripting by using an open redirect vulnerability on the web site.


Theoretically, cyber criminals could initiate this attack through an email phishing campaign, leveraging AliExpress’s regular customer journey with barely any indication to the user that anything unusual or untoward is happening. Hence, it is unlikely the user would smell anything ‘phishy’ at all.


The attackers could then present a pop-up coupon offer on the home screen – running under an AliExpress-owned subdomain – asking customers to provide credit card details to allow for a smoother and more efficient shopping experience. The attackers, however, fully control this pop-up window, and any credit card details entered are sent directly to them rather than to the shopping site.
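The server-side control that closes this class of hole is strict validation of the redirect target. The following is an added example, not code from Check Point or AliExpress: a validator that only honours site-relative paths that resolve to the site's own origin. The origin `https://shop.example.com`, the `resolveRedirect` and `redirectResponse` names, and the sample inputs are all constructed for illustration.

```javascript
// Added example (not the article's or AliExpress's code): validating a
// redirect target so an open redirect cannot be used to hand a user to an
// attacker-controlled page or to reach script execution in the site's context.
const SITE_ORIGIN = "https://shop.example.com"; // constructed placeholder

// Returns a safe absolute URL on our own origin, or null if the requested
// target must be rejected.
function resolveRedirect(target) {
  if (typeof target !== "string" || target.length === 0) return null;
  // Cheap prefix check: only site-relative paths beginning with a single "/"
  // are considered. This alone rejects "https://evil.example", "//evil.example"
  // (protocol-relative) and "javascript:" / "data:" schemes outright.
  if (!target.startsWith("/") || target.startsWith("//") || target.startsWith("/\\")) {
    return null;
  }
  let parsed;
  try {
    parsed = new URL(target, SITE_ORIGIN);
  } catch {
    return null;
  }
  // The prefix check is not sufficient on its own: the WHATWG parser strips
  // tabs and newlines, so "/\t/evil.example" still resolves to another host.
  // The origin comparison on the *parsed* result is the real gate.
  if (parsed.origin !== SITE_ORIGIN) return null;
  if (parsed.protocol !== "https:") return null;
  return parsed.href;
}

// Handler sketch: never echo an untrusted target back to the browser; fall
// back to the home page and flag the rejection so it can be alerted on.
function redirectResponse(nextParam) {
  const safe = resolveRedirect(nextParam);
  if (safe === null) {
    return { status: 302, location: SITE_ORIGIN + "/", rejected: true };
  }
  return { status: 302, location: safe, rejected: false };
}
```

Logging the `rejected` cases gives a simple detection signal: a burst of rejected redirect targets pointing at one external host is a strong indicator that a phishing campaign is probing the endpoint.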


With recent reports indicating that cyber-attacks on online retailers have doubled since 2016, shoppers should be aware that Santa’s beard may not always be as white as it seems, and remain vigilant while shopping online at any site this holiday season.


For more details on how this attack operates, please see our full research investigation.

