Two new carding bots have been spotted exploiting top e-commerce platforms and card payment vendor APIs for websites or mobile apps. One bot mimicked human behavior by creating a shopping cart, adding products to it, and including shipping information. The second bot is called ‘Shortcut’ because it tries to avoid detection and evasion options completely, thus evading detection and mitigation options. Data shows that while legitimate traffic goes down, in expectation of events like Black Friday and Cyber Monday, malicious traffic skyrockets, sometimes increasing to over 700%.
Source: https://www.bleepingcomputer.com/news/security/carding-bots-testing-payment-info-ahead-of-big-shopping-events/