Revealing new tricks to help cybercriminals easily steal bank card information

In the digital age, personal data has become a “valuable asset” that everyone needs to protect. Account passwords, bank card information or e-wallets are not only linked to users’ finances but also the door to digital identity, private life and even work. With just a small loophole, all of this sensitive information can be exploited and put on the black market online, causing unpredictable consequences.

Recently, security firm Kaspersky announced a discovery that shocked the global cybersecurity community. Accordingly, cybercriminals can take advantage of Model Context Protocol (MCP) to carry out sophisticated attacks. If successful, hackers can easily steal passwords, credit card information, cryptocurrency wallets and many other top-secret data.

The worrying thing is that MCP was originally developed to enhance the connectivity of AI systems with external tools and services, making them work smarter and more useful. But like any other open source tool, MCP has two sides: it is both a “lever” for technological development and has the potential to become a “backdoor” for hackers.

In this article, we will learn in detail about Kaspersky's new discovery, how hackers can exploit MCP to attack, how dangerous it is, and most importantly: what users need to do to protect themselves from the emerging threat.

1. What is Model Context Protocol and why is it important?

Model Context Protocol (MCP) is a connectivity protocol introduced by Anthropic in 2024. MCP allows AI systems to connect directly to external tools and services.

The goal of MCP is pretty clear: to make AI not just a “talking brain” but a real “digital assistant”. Instead of just answering questions or creating content, AI thanks to MCP can proactively search for documents, update databases, retrieve CRM, manage source code, work with APIs or even access the company’s financial and cloud data.

For example, a company can deploy an LLM that integrates MCP to let AI automatically aggregate reports from multiple data sources, check system status on the cloud, or support programmers in managing code repositories on GitHub. MCP thus becomes an important “bridge” between AI and the wider digital world.

However, this deep connection is a double-edged sword. If bad actors control the MCP server or exploit vulnerabilities in its operation, they can turn AI into an “unwilling minion”, helping to collect and transfer sensitive data without the user knowing.

2. Hackers can exploit MCP to steal data

Kaspersky Emergency Response Team (GERT) experts conducted a series of lab tests to verify the level of danger. The results showed that if exploited, MCP could become an extremely powerful tool in the hands of cybercriminals.

In the simulation, Kaspersky simulated a programmer's computer with a malicious MCP server installed . Immediately, the attacker could access and collect a variety of important data, including:

· Passwords are stored in the browser.      

· User credit card information.      

· Crypto wallet file.      

· API token and certificate information.      

· Cloud configuration and many other important data.      

The most dangerous point is that it is very difficult for users to detect any abnormal signs. With this form of attack, everything happens “silently” behind the scenes, without causing any obvious problems on the system. Users continue to work normally while their data has been copied and transferred by hackers.

According to Kaspersky, to date, there have been no recorded cases of MCP attacks in practice. However, proving that this scenario is completely feasible is a clear warning: hackers will certainly not ignore such a potential "gateway".

3. What can hackers do with stolen data?

Once sensitive data falls into the hands of hackers, the consequences are extremely serious. Passwords, credit cards or e-wallets are the “keys” to accessing the victim’s digital assets and online identity.

If they get the password, hackers can log into email accounts, social networks, work systems, or online banking services. With credit card information, they can make unauthorized transactions, withdraw money, or sell the information on the black market. Cryptocurrency wallets are even more dangerous, because blockchain transactions are almost irreversible, meaning money once lost cannot be recovered.

Not only that, data such as API tokens or cloud configurations also allow hackers to attack corporate systems, causing millions of dollars in damage. In addition, installing backdoors or spreading ransomware from the initial point of entry via MCP is also completely possible.

In other words, if successfully exploited, MCP can turn into a giant “backdoor”, opening the way for a series of cybercrimes from individuals to organizations.

4. Why are users easily fooled?

One of the reasons why MCP attacks are so dangerous is because of their high level of stealth . Unlike traditional forms of phishing such as fake emails or malicious links, this method creates almost no unusual signs that users can easily identify.

In many cases, users believe they are just working normally with AI or related applications. However, behind the scenes, the MCP server has been replaced or malicious code has been inserted, causing all exchanged data to be stolen.

This is reminiscent of previous supply chain attacks, where hackers did not attack users directly but through software or intermediary tools. MCP, as the “bridge” of AI, is the ideal intermediary point for bad actors to exploit.

5. Future danger level

Although MCP attacks are still experimental, experts say the future risks are huge. As MCPs become more widely used in commercial AI systems, the likelihood of them becoming a priority target for hackers is certain.

Cybercriminals are always one step ahead, willing to invest time and resources to find ways to exploit new technologies. Once they discover vulnerabilities, they quickly commercialize them as Attack-as-a-Service and sell them on the dark web. This means that anyone can pay to rent MCP mining tools without deep technical knowledge.

Furthermore, personal and financial data is increasingly valuable. A single set of credit card information can be sold for tens of dollars, while cryptocurrency wallets can bring huge profits to hackers. With such benefits, it is not difficult to understand why MCPs would quickly be "targeted".

6. What should users do to protect data?

While the threat of MCP is still relatively uncommon, it is always wise to be proactive. Individuals and businesses should be vigilant and adhere to basic safety principles such as:

· Always keep your software up to date, especially AI-related tools and connection protocols.      

· Be careful when installing or using an MCP server from an untrusted source.      

· Use multi-factor authentication (MFA) to increase security for important accounts.      

· Regularly review and change passwords and do not save passwords directly in the browser.      

· Businesses need to deploy network security monitoring solutions to detect unusual behavior early.      

Most importantly, everyone needs to be aware that security depends not only on technology but also on daily usage habits.

7. Conclusion

Kaspersky’s new discovery of hackers abusing the Model Context Protocol (MCP) is a wake-up call. While AI and connectivity offer countless opportunities to optimize work and life, they also pose unprecedented security risks.

Passwords, credit cards, e-wallets and personal data are the lucrative targets that cybercriminals are constantly aiming for. Although the MCP attack method has not appeared in reality, users cannot be subjective. Early preparation, from raising awareness to applying security measures, will be an effective "shield" for us to protect ourselves and our organizations from the gradually forming dangers.

In the AI ​​era, convenience and safety go hand in hand. Only by understanding both the opportunities and risks can we leverage technology intelligently and sustainably.