Home Latest News Card Skimmers Have New Tricks up Their Sleeves

Card Skimmers Have New Tricks up Their Sleeves

by CISOCONNECT Bureau

The card skimming landscape continues to evolve as cybercriminals learn new techniques to avoid detection.

Online shoppers, Beware!
• Unaware online shoppers may visit a site that has been affected with a web skimmer and make purchases, while unintentionally handing over their payment details to criminals.
• Skimming codes are inserted seamlessly within the shopping sites and only those equipped with proper networking tools or a keen eye for tiny details can notice any malicious activity.
• The skimmers become active on payment pages and stealthily exfiltrate personal and financial data entered by the customers.

A pack of new tricks
• Skimming attacks have become increasingly sophisticated as skimmers have learned new ways to stash malicious JavaScript in e-commerce sites. Threat actors are exploiting vulnerabilities present in such websites to install skimming malware and gain access to the form fields submitted by customers.
• Skimmers are looking for input-field names on webpages to perform data exfiltration. They are using communication services for the exfiltration, which is triggered when the browser’s current URL has a keyword showing signs of a shopping website and when the users validate their purchases.

Recent skimming attacks
• The third-largest global music recording company, Warner Music Group (WMG), disclosed a data breach showing signs of a Magecart attack. Reportedly, WMG’s multiple e-commerce websites—hosted and supported by an external service provider—were compromised, enabling hackers to steal customers’ personal information entered into those sites.
• In a recent attack, Magecart credit card skimmers used Telegram as a channel for sending stolen credit card information back to its C2 servers. They exfiltrated the payment details using Telegram’s API and posted them into a chat channel. By leveraging simple Base64 encoding, the skimmers encoded the bot ID, the channel, and the Telegram API request.
• The American Payroll Association (APA) reported a skimming attack in which hackers installed skimming malware on their website’s login page as well as the checkout section by abusing a vulnerability in their CMS. In the incident, attackers gained access to customers’ login credentials, personal information, and payment card details.

Final thoughts
As always, organizations need to adapt best-of-breed tools and methodologies to keep pace with skimming attacks. Moreover, e-commerce vendors need to especially step up their game to thwart such cyberattacks and maintain the trust of their customers. Taking a proactive approach, security researchers and online merchants can collaboratively overcome skimming attacks.

Recommended for You

Recommended for You

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Close Read More

See Ads