Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,' ‘Black Friday,' and ‘Flash S
Summary:
The 2025 holiday season is seeing an unprecedented wave of malicious online activity as cybercriminals take advantage of shoppers looking for promotions and limited-time deals. FortiGuard reports that it identified more than 18,000 holiday-themed domains registered in the past three months, containing terms such as “Christmas,” “Black Friday,” and “Flash sale,” 750 of which were confirmed as malicious. Another 19,000 domains have been observed mimicking major retail brands, with nearly 3,000 verified as malicious. Although a portion of the domains remain inactive to evade early detection, hundreds are still actively being used to host phishing pages, impersonate storefronts, run gift-card scams, and harvest payment information.
At the same time, actors are exploiting newly discovered and long-standing vulnerabilities across widely used e-commerce platforms such as Adobe/Magento (CVE-2025-54236), Oracle EBS (CVE-2025-61882), and WooCommerce (CVE-2025-47569). These vulnerabilities enable actors to conduct remote code execution, ERP data theft, payment skimming, and JavaScript-based Magecart injections that quietly siphon credit-card data from checkout pages.
There has also been a surge in the volume of stolen credential data circulating in underground markets. In the past three months, more than 1.57 million login accounts tied to major e-commerce platforms have been collected through stealer logs, which contain passwords, session cookies, autofill data, and device fingerprints. Criminal marketplaces now index these logs with advanced search tools and automated delivery systems, lowering the barrier to launching credential stuffing attacks, account takeovers, and fraudulent purchases at scale.
Security Officer Comments:
The surge in login data, exploitation of e-commerce platform vulnerabilities, and creation of fake retail and holiday-themed websites point to well-coordinated, large-scale campaigns that are carefully timed for maximum impact. Attackers are preparing months in advance, gathering credentials through stealer logs, identifying CVEs in platforms like Magento and WooCommerce, and setting up deceptive domains designed to trick distracted shoppers during the holiday season. These combined efforts have enabled actors to conduct account takeovers, deploy payment skimmers, and impersonate legitimate brands right when online shopping activity is expected to peak.
Suggested Corrections:
Best practices for organizations:
- Keep all e-commerce platforms, plugins, themes, and third-party integrations fully updated, and remove anything not being used.
- Enforce HTTPS everywhere and secure session cookies, administrative pages, and checkout flows.
- Require MFA on administrative and high-risk accounts and enforce strong password policies.
- Use bot management, rate limiting, and anomaly detection tools to reduce credential abuse.
- Monitor for deceptive or lookalike domains impersonating your brand and act quickly on takedowns.
- Scan for unauthorized script changes and deploy controls to detect payment-page tampering or skimmers.
- Centralize logging to monitor for suspicious administrative actions, session hijacking, or unusual database access.
- Ensure that your fraud, security, and customer support teams follow a shared cyber-event escalation path throughout the holiday period.
Best practices for shoppers:
- Verify website URLs carefully before entering login or payment information.
- Use credit cards or trusted payment processors that offer fraud protection.
- Enable MFA on shopping, email, and banking accounts.
- Avoid public Wi-Fi or use a VPN when making purchases or managing financial accounts.
- Be cautious with unsolicited messages and unrealistic promotions, particularly those tied to deliveries or discounts.
- Review your bank and card statements regularly to quickly detect unauthorized charges.
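
The recommendation to monitor for deceptive or lookalike domains can be made concrete with a small triage pass over a feed of newly registered domains. This is an added example, not code from FortiGuard or the article; the brand `examplemart`, the digit-swap map, the edit-distance threshold of 2 and the sample feed are constructed assumptions.

```python
import unicodedata

HOLIDAY_TERMS = ("christmas", "blackfriday", "flashsale")  # terms named in the article
BRANDS = {"examplemart": "examplemart.com"}  # hypothetical brand -> official domain
LOOKALIKE_CHARS = str.maketrans("01345", "oleas")  # assumed digit-for-letter swaps

def normalize(text):
    """Lowercase, strip diacritics, and undo digit-for-letter substitutions."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    ascii_only = "".join(c for c in decomposed if not unicodedata.combining(c))
    return ascii_only.translate(LOOKALIKE_CHARS)

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return the sorted reasons a newly registered domain deserves review."""
    domain = domain.lower().rstrip(".")
    if any(domain == off or domain.endswith("." + off) for off in BRANDS.values()):
        return []  # our own domain or one of its subdomains
    name = normalize(domain.rsplit(".", 1)[0])  # drop the TLD only
    tokens = [t for t in name.replace(".", "-").split("-") if t]
    squashed = "".join(tokens)  # catches terms split by hyphens, e.g. flash-sale
    reasons = {f"holiday:{t}" for t in HOLIDAY_TERMS if t in squashed}
    for brand in BRANDS:
        if brand in squashed:
            reasons.add(f"brand:{brand}")
        elif any(edit_distance(t, brand) <= 2 for t in tokens):
            reasons.add(f"typo:{brand}")
    return sorted(reasons)

# Constructed sample feed of newly registered domains (not real indicators).
SAMPLE_FEED = ["shop.examplemart.com", "examp1emart-blackfriday.shop",
               "exampelmart-deals.net", "christmas-flash-sale.store", "gardening-tips.org"]

def triage(feed):
    """Map each flagged domain to its reasons, dropping clean ones."""
    return {d: r for d in feed if (r := classify(d))}

if __name__ == "__main__":
    for domain, reasons in triage(SAMPLE_FEED).items():
        print(domain, reasons)
```

Domains flagged for both a brand match and a holiday term are the ones to prioritize for review and takedown requests; a holiday term alone will also match many legitimate seasonal sites.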
https://cybersecuritynews.com/hackers-registered-18000-holiday-themed-domains/