
Web payment card skimmers add anti-forensics capabilities

by ethhack

Researchers have detected compromises on ecommerce sites with a new JavaScript-based payment card skimmer that uses anti-forensics techniques, including the ability to remove itself from the web page’s code after execution. Dubbed Pipka, the malicious script was found by researchers from Visa’s Payment Fraud Disruption (PFD) team on the site of a North American merchant that had been previously infected with a different skimmer called Inter. Further investigation uncovered another 16 online merchant sites infected with Pipka.
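From the defender's side, the self-removal behaviour described above can be caught by recording script elements that disappear from the DOM shortly after being inserted. The following is an added example, not code from the article or from Visa's PFD team; the detector name, the 5-second window, and the sample records are assumptions constructed for illustration.

```javascript
// Added example: flag <script> elements inserted and then removed from the DOM
// within a short window. Assumption: records follow the DOM MutationRecord shape.
function createSelfRemovalDetector({ windowMs = 5000, now = () => Date.now() } = {}) {
  const addedAt = new Map(); // script node -> insertion time
  const findings = [];
  const isScript = (n) => n && String(n.nodeName).toUpperCase() === 'SCRIPT';
  function handle(records) {
    const t = now();
    for (const rec of records) {
      if (rec.type !== 'childList') continue;
      for (const node of Array.from(rec.addedNodes || [])) {
        if (isScript(node)) addedAt.set(node, t);
      }
      for (const node of Array.from(rec.removedNodes || [])) {
        if (!isScript(node) || !addedAt.has(node)) continue;
        const lifetimeMs = t - addedAt.get(node);
        addedAt.delete(node);
        if (lifetimeMs > windowMs) continue; // long-lived script, ordinary teardown
        findings.push({
          src: node.src || '(inline)',
          lifetimeMs,
          snippet: String(node.textContent || '').slice(0, 80), // evidence kept after removal
        });
      }
    }
    return findings;
  }
  return { handle, findings };
}

// Constructed sample records: plain objects standing in for DOM nodes.
function demo() {
  let clock = 0;
  const d = createSelfRemovalDetector({ now: () => clock });
  const analytics = { nodeName: 'SCRIPT', src: 'https://shop.example/analytics.js', textContent: '' };
  const transient = { nodeName: 'SCRIPT', src: '', textContent: '/* constructed inline script */' };
  d.handle([{ type: 'childList', addedNodes: [analytics, transient], removedNodes: [] }]);
  clock = 120; // the inline script removes itself 120 ms after insertion
  d.handle([{ type: 'childList', addedNodes: [], removedNodes: [transient] }]);
  clock = 60000; // the analytics tag is removed a minute later
  d.handle([{ type: 'childList', addedNodes: [], removedNodes: [analytics] }]);
  return d.findings; // only the short-lived inline script is reported
}

// In a browser, feed real mutations to the detector (skipped outside a DOM).
if (typeof MutationObserver !== 'undefined' && typeof document !== 'undefined') {
  const live = createSelfRemovalDetector();
  new MutationObserver((r) => live.handle(r)).observe(document.documentElement, { childList: true, subtree: true });
}
```

The observer only sees scripts added after it is installed, so it needs to be registered before other scripts on the checkout page load.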

The new threat on the block

Web skimming is the theft of payment card details from ecommerce websites through malicious scripts injected into them. The scripts are typically injected into the checkout pages to siphon off card information as it is entered by buyers into web forms.

This type of attack has become popular over the past few years with the rise of one particular skimmer, Magecart, which is used by over a dozen groups. Despite using the same skimmer, these groups employ different techniques and methods to inject their malicious code into websites and keep it hidden.

Some exploit known vulnerabilities. Others compromise legitimate third-party scripts that are loaded into websites, like those for web analytics services. There is also evidence that some groups are compromising routers used to set up Wi-Fi hotspots in airports and other public spaces to inject their code into legitimate traffic.

Researchers have even found evidence that links some of the Magecart groups with sophisticated cybercrime groups like Cobalt and FIN6 that have historically targeted the infrastructure of banks and retailers. This suggests web skimming is profitable enough to be on the radar of well-established criminal gangs that have already stolen hundreds of millions of dollars from organizations worldwide.

It is no surprise, then, that other web skimmers like Inter and now Pipka have started to appear to compete with Magecart, and that some of them are being sold as commodities on underground markets. With no shortage of methods for compromising websites, researchers expect that web skimming attacks will continue.

Copyright © 2019 IDG Communications, Inc.
