Dec 16, 2021

Sites hacked with credit card stealers undetected for months

Threat actors are gearing up for the holidays with credit card skimming attacks that remain undetected for months while payment information is stolen from customers.
Magecart skimming is an attack that involves the injection of malicious JavaScript code on a target website, which runs when the visitor is at the checkout page.
The code can steal payment details such as credit card number, holder name, addresses, and CVV, and send them to the actor.
Threat actors may then use this information to purchase goods online or sell it to other actors on underground forums and dark web marketplaces known as “carding” sites.
In October 2021, Akamai researchers discovered a Magecart attack on SCUF Gaming International, a leading manufacturer of custom PC and console controllers, which resulted in the compromise of the financial details of 32,000 people.
By investigating deeper, the analysts found that the same actor responsible for the attack against SCUF was operating an extensive network of skimmers that stole credit card details from several sites.
These are:
The smaller the Alexa rank number, the more traffic that website receives, so the longer the skimmer stays undetected, the more credit card details Magecart actors steal.
As such, actors limit the activity of their scripts to only valuable pages to keep their skimmers hidden on infected sites, making Akamai’s investigation harder.
“We found that the skimmer’s command and control (C2) server responds with clean code when running on non-sensitive pages…,” explains Akamai’s report.
“…and (the skimmer) only sends the malicious code if it runs on checkout pages, where credit card information can be found.”
Another anti-detection technique followed by Magecart actors is registering a new skimming domain for each targeted website.
If their skimming operation is exposed/discovered, they deactivate that domain and continue the malicious activities on the other sites.
In this particular case, the actors used the same C2 domain for four websites, so a small cluster was unveiled almost at once.
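For site owners, the two evasion techniques above mean that scanning only the home page misses the skimmer, and that a per-site domain will not appear on shared blocklists. The following is an added example (not code from the article or from Akamai's report) that audits a crawler's script observations for both signals: a script URL whose content changes on checkout pages, and a script host on checkout that is not on the site's approved list. The record format, path prefixes, host names and function names are assumptions made for illustration.

```javascript
// Constructed observations: one record per script fetch by a monitoring
// crawler, tagged with the page that loaded the script. Not real data.
const observations = [
  { page: "/", scriptUrl: "https://cdn.shop.example/app.js", body: "initCart();" },
  { page: "/checkout", scriptUrl: "https://cdn.shop.example/app.js", body: "initCart();" },
  { page: "/", scriptUrl: "https://metrics.example.net/t.js", body: "track('view');" },
  { page: "/checkout", scriptUrl: "https://metrics.example.net/t.js",
    body: "track('view'); /* additional code served only here */" },
];

// Assumption: these path prefixes mark the pages where card data is entered.
const SENSITIVE_PREFIXES = ["/checkout", "/payment"];
const isSensitive = (page) => SENSITIVE_PREFIXES.some((p) => page.startsWith(p));

// Collect, per script URL, the distinct bodies seen on sensitive vs. other pages.
function groupByScript(records) {
  const groups = new Map();
  for (const { page, scriptUrl, body } of records) {
    if (!groups.has(scriptUrl)) {
      groups.set(scriptUrl, { sensitive: new Set(), other: new Set() });
    }
    groups.get(scriptUrl)[isSensitive(page) ? "sensitive" : "other"].add(body);
  }
  return groups;
}

// Return findings for scripts that load on sensitive pages and look suspicious.
function auditScripts(records, allowedHosts) {
  const findings = [];
  for (const [scriptUrl, { sensitive, other }] of groupByScript(records)) {
    if (sensitive.size === 0) continue; // never loaded where card data is entered
    const host = new URL(scriptUrl).hostname;
    if (!allowedHosts.includes(host)) {
      findings.push({ scriptUrl, reason: "unapproved-host-on-checkout" });
    }
    // Same URL, different content depending on the page that requested it.
    const differs = [...sensitive].some((b) => !other.has(b));
    if (other.size > 0 && differs) {
      findings.push({ scriptUrl, reason: "content-differs-on-checkout" });
    }
  }
  return findings;
}

const findings = auditScripts(observations, ["cdn.shop.example"]);
console.log(findings);
```

Legitimate scripts can also vary between requests, so each finding is a lead for manual review rather than proof of a skimmer.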
Consumers who indulge in online shopping are advised to be extra cautious during Christmas when Magecart actors increase their efforts.
Detecting skimmers is the responsibility of e-commerce site owners, not their visitors, so the latter can instead do the following:
If you have bought anything using your credit card from the seven websites listed above this year, consider your payment details compromised and call your bank to request a card replacement.