The Clearsale Blog

Flokibot Malware and What It Means for Your E-Commerce Business

Flokibot Malware and What It Means for Your E-Commerce Business

In early October 2016, Flashpoint Intelearned about advertisements on an underground forum for a new family of malware known as Flokibot, which has been aggressively stealing credit card data from POS devices across South America.

At this point, it’s not known how or whether Flokibot will also impact e-commerce businesses, which is why it’s so important to keep yourself informed. In this post, we break down everything you need to know about Flokibot.

Understanding Flokibot Malware

Flokibot is a new malware variant that is offered for sale on various darknet markets. It’s based on the 2011 Zeus Trojan malware, which was a particularly nasty piece of software that targeted Microsoft Windows and was often used to steal sensitive financial data from businesses. At the time, Zeus Trojan was one of the most successful botnet viruses in the world, and it affected millions of machines.

Flokibot ramps up the damage with several modifications that make it even more attractive for cybercriminals. Like Zeus, it’s designed to grab credit card data from retail point of sale (POS) devices. Additionally, according to advertisements on the black market, this malware is both adaptable and aggressive.

The initial infection typically occurs via a spearphishing attack, in which a merchant is enticed to open a phony Microsoft Word document either sent as an email attachment or embedded in an exploit kit, which is a software kit designed to run on web servers. Once the document or kit is opened, a macro executes the Flokibot malware and injects malicious code into the victim’s Microsoft Windows file manager. 

The Flokibot code then attempts to infect multiple parts of the merchant’s POS system while hiding its actions and remaining virtually undetected by security teams.

How Flokibot Impacts E-Commerce Businesses

Recently, it was found that Flokibot had compromised the integrated POS devices of multiple Brazilian merchants. It also appears that Flokibot is spreading to other countries, including Australia, Paraguay, Croatia, the Dominican Republic, Argentina, the United States and Canada.

As of right now, the Flokibot malware only appears to target physical point of sale systems, which means it may not be a threat for e-commerce businesses. However, it’s important to remember that cybercriminals are always looking for ways to attack businesses and their customers. It’s not hard to imagine that if cybercriminals can get past the firewalls associated with standard POS systems, they may be able to get past the firewalls associated with e-commerce payments as well.

As an e-commerce merchant, Flokibot also highlights the very real risk that your next order may come from a cybercriminal leveraging stolen data. The best thing you can do is to stay vigilant and protect your business and customers with a fraud protection solution.

Implementing a fraud protection solution offers many benefits to e-commerce merchants. Some of these benefits include:

  • Protecting your business from fraud and chargebacks
  • Understanding what’s happening in your operations
  • Increasing the predictability of your costs
  • Spending less time chasing frequent changes in fraud patterns
  • Increasing approval ratings from customers
  • Eliminating fraud-related back-office costs

At ClearSale, we offer a fully-outsourced fraud protection solution that helps you better detect fraudulent offers and reduce instances of credit card fraud. Our technology is compatible with many widely-used gateways, shopping carts, order management systems, payment processors and acquirers.

To learn more about how ClearSale can help protect your business against fraud, contact us today.

New Call-to-action

You may also like

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

[Industry Focus] Fraud Risk Profile for Nutraceutical and Drug Retailers

As people become more conscious of what they’re putting into their bodies, there’s been an increased demand for high-quality supplements and healthful food and beverages. The result has been a..

3 Ways Tech Can Benefit Remote Teams

3 Ways Tech Can Benefit Remote Teams

Ecommerce businesses are used to an ever-evolving digital connection between them and their customers. But 2020’s COVID-19 pandemic has resulted in that digital connection making its way into the..

Shopping Habits by Gender: What’s Changed in 2020

Shopping Habits by Gender: What’s Changed in 2020

Do men hate shopping online? Are women more worried about fraud?

How Management Should Contribute to Fraud Protection

How Management Should Contribute to Fraud Protection

As companies grow, management often delegates business-critical tasks—marketing, technology, fraud prevention—to different departments. While it might seem to be an efficient way to get things..

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

“I Don’t Need Fraud Protection — My Business Isn’t at Risk!”

As an e-commerce merchant, you know the risk of fraud, false declines and chargebacks. But maybe you think it won’t happen to you because you’re a relatively new — or small — e-commerce merchant,..

How Backtesting Can Improve Fraud Prevention

How Backtesting Can Improve Fraud Prevention

They say hindsight is 20/20, and that’s especially true for e-commerce merchants looking to increase their approval rates and decrease fraudulent transactions. It’s easy to look back at..

Is Fraud Risk Scaring You Away From International Shipping?

Is Fraud Risk Scaring You Away From International Shipping?

With cross-border shopping estimated to make up 20% of e-commerce in 2022, many merchants are right to consider expanding into other countries. So what’s stopping them from pulling the trigger?

Preparing Your E-Commerce Store for the Holiday Season

Preparing Your E-Commerce Store for the Holiday Season

It might still be summer on the calendar, but the holiday shopping season is just around the corner.  Are you ready?

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Impact Analysis: Declined Transactions vs. Fraudulent Transactions

Selling products and services online offers great opportunities for merchants, but it’s not without risk. Savvy cybercriminals use stolen personal data to defraud merchants, and sometimes, a..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog