Skimming
February 3, 2025
Double-Entry Web Skimming Attack Campaign Hits 17 Websites Full Text
Abstract
Interestingly, unlike typical skimmers that target checkout pages, this one targeted the cart page. It intercepted the checkout button click and presented users with a fake, multi-step payment form within a pop-up window.
HackRead
January 10, 2025
Stealthy Credit Card Skimmer Targets WordPress Checkout Pages via Database Injection Full Text
Abstract
The credit card skimmer silently injects malicious JavaScript into database entries to steal sensitive payment details. The malware activates on checkout pages by hijacking existing payment fields or injecting a fake credit card form.
Sucuri
August 17, 2024
PrestaShop GTAG Websocket Skimmer Full Text
Abstract
A recent investigation uncovered a credit card skimmer using a web socket connection to steal credit card details from an infected PrestaShop website. Attackers use web sockets for obfuscation, making it difficult to analyze traffic.
Sucuri
July 10, 2024 – Phishing
Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".
Cyble
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.
Cybersecurity Dive
June 24, 2024
Facebook PrestaShop Module Exploited to Steal Credit Cards Full Text
Abstract
Hackers are taking advantage of a vulnerability in a Facebook module for PrestaShop called pkfacebook to carry out card skimming attacks on e-commerce websites and steal customers' payment card details.
Bleeping Computer
June 22, 2024
Decoding the Caesar Cipher Skimmer Full Text
Abstract
A new variation of the "gtag" credit card skimming attack, known as the "Caesar Cipher Skimmer," has been detected on multiple CMS platforms including WordPress, Magento, and OpenCart.
Sucuri
November 15, 2023
Credit Card Skimming on the Rise for the Holiday Shopping Season Full Text
Abstract
A credit card skimming campaign called Kritec has recently picked up in activity, compromising numerous online stores and stealing credit card information from unsuspecting shoppers.
Cyware
October 02, 2023
Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses Full Text
Abstract
A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language. Prominent victims include online businesses and point-of-sale (PoS) service providers. "The campaign operators exploit vulnerabilities in web applications, particularly those hosted on Internet Information Services (IIS)," the Canadian cybersecurity firm said. "Their primary objective is to compromise the payment checkout page, and swipe visitors' sensitive payment data." A successful initial foothold is followed by the threat actors leveraging multiple open-source tools and living-off-the-land (LotL) techniques for privilege escalation, post-exploitation, and code execution. The attack chain leads to the deploy
The Hacker News
September 19, 2023
Payment Card-Skimming Campaign Now Targeting Websites in North America Full Text
Abstract
A Chinese-speaking threat actor known for skimming credit card numbers off e-commerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well.
Cyware
June 05, 2023
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack Full Text
Abstract
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the distribution of malicious code without the knowledge of the victim sites. Web security company Akamai said it identified victims of varying sizes in North America, Latin America, and Europe, potentially putting the personal data of thousands of site visitors at risk of being harvested and sold for illicit profits. "Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager," Akamai security researcher Roman Lv
The Hacker News
June 5, 2023
Magecart campaign abuses legitimate sites to host web skimmers and act as C2 Full Text
Abstract
A new ongoing Magecart web skimmer campaign abuses legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information...
Security Affairs
May 3, 2023
Card Skimmers and ATMs Used to Drain EBT Accounts in SoCal Full Text
Abstract
The suspects are accused of using card skimmers and ATMs to drain electronic benefit transfer (EBT) accounts, which are used to pay for food through the Supplemental Nutrition Assistance Program (SNAP).
Cyware
March 24, 2023
A look at a Magecart skimmer using the Hunter obfuscator Full Text
Abstract
When a victim who is shopping at a compromised online store goes to the checkout page, there will be additional fields injected in the contact form that aren't normally there.
Cyware
February 22, 2023
Multilingual Skimmer Fingerprints ‘Secret Shoppers’ via Cloudflare Endpoint API Full Text
Abstract
The skimmer uses iframes that are loaded if the current page is the checkout and if the browser's local storage does not include a font item (this is equivalent to using cookies to detect returning visitors).
Cyware
September 5, 2022
Magecart’s New JavaScript Skimmer Targets Magento Websites Full Text
Abstract
Cyble researchers spotted and analyzed a new JavaScript skimmer used by the Magecart threat group to target Magento e-commerce sites and steal payment data. The malicious JS code is loaded with standard skimmer anti-detection features. Magento e-commerce site owners should deploy the right too ...
Cyware Alerts - Hacker News
September 1, 2022
Researchers analyzed a new JavaScript skimmer used by Magecart threat actors Full Text
Abstract
Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter about a new JavaScript skimmer developed by the Magecart...
Security Affairs
June 27, 2022
Bank of the West found debit card-stealing skimmers on ATMs Full Text
Abstract
The Bank of the West is warning customers that their debit card numbers and PINs have been stolen by skimmers installed on several of the bank's ATMs.
BleepingComputer
June 22, 2022
Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign Full Text
Abstract
A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis. "We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines," Jérôme Segura said. "However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Magecart refers to a cybercrim
The Hacker News
May 26, 2022
Credit Card Stealers Adopt Advanced Evasion Techniques Full Text
Abstract
Microsoft found that scammers are using image files with a hidden malicious PHP script to manipulate e-commerce checkout pages and capture payment card details in their latest attack campaigns. The attackers are obfuscating their code snippets, injecting them into image files, and masquerading as w ...
Cyware Alerts - Hacker News
May 24, 2022
Microsoft warns of new highly evasive web skimming campaigns Full Text
Abstract
Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation...
Security Affairs
May 11, 2022
Caramel - New Credit Card Skimmer-as-a-Service Full Text
Abstract
A new credit card stealing service, called Caramel, is growing in popularity. Launched by a Russian cybercrime organization named CaramelCorp, the skimmer-as-a-service can allow any low-skilled threat actors to get started with financial fraud.
Cyware Alerts - Hacker News
February 10, 2022
Threat actors compromised +500 Magento-based e-stores with e-skimmers Full Text
Abstract
Experts uncovered a mass Magecart campaign that compromised over 500 e-stores running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online...
Security Affairs
February 4, 2022
Retail giant Target open sources Merry Maker e-skimmer detection tool Full Text
Abstract
Retail giant Target is going to open-source an internal tool, dubbed Merry Maker, designed to detect e-skimming attacks. Retail giant Target announced the release in open-source of an internal tool, dubbed Merry Maker, designed to detect e-skimming...
Security Affairs
February 03, 2022
Target open sources scanner for digital credit card skimmers Full Text
Abstract
Target, one of the largest American department store chains and e-commerce retailers, has open sourced 'Merry Maker' - its years-old proprietary scanner for payment card skimming.
BleepingComputer
February 3, 2022
Target shares its own web skimming detection tool Merry Maker with the world Full Text
Abstract
The new open-source tool Merry Maker from Target simulates online browsing and shopping to identify malicious code meant to steal payment card information on retailers' websites.
CSO Online
January 25, 2022
Segway store compromised with Magecart skimmer Full Text
Abstract
Malwarebytes web protection team identified a web skimmer on Segway’s online store. The researchers tied it to a previous campaign that is attributed to Magecart Group 12.
Malwarebytes Labs
January 6, 2022
New Web Skimmer Campaign Attacks via Cloud Video Distribution Supply Chain Full Text
Abstract
Sotheby’s Brightcove account was breached by hackers who deployed a skimmer to pilfer payment card details from more than 100 of its luxury real estate websites.
Cyware Alerts - Hacker News
January 04, 2022
Hackers Target Real Estate Websites with Skimmer in Latest Supply Chain Attack Full Text
Abstract
Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than 100 real estate websites operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well," Palo Alto Networks' Unit 42 researchers said in a report published this week. The skimmer attacks, also called formjacking, relate to a type of cyber attack wherein bad actors insert malicious JavaScript code into the target website, most often to checkout or payment pages on shopping and e-commerce portals, to harvest valuable information such as credit card details entered by users. In the latest incarnation of the Magecart attacks, the operators behind the campaign breached the Brightcove account of Sotheby's and deployed malicious code into the player of the
The Hacker News
January 4, 2022
Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites Full Text
Abstract
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.
Threatpost
January 4, 2022
Attackers abused cloud video platform to inject an e-skimmer into 100 Real Estate sites Full Text
Abstract
Threat actors compromised more than 100 real estate websites belonging to the same parent company by implanting an e-skimmer. Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging...
Security Affairs
December 23, 2021
New Card Skimmer Attacks Detected Ahead of Christmas Shopping Season Full Text
Abstract
The Christmas holiday shopping season is around the corner and so are the Magecart attackers. Interestingly, these attackers have become more active than ever, with each attack taking place every 16 minutes.
Cyware Alerts - Hacker News
December 15, 2021
Sites hacked with credit card stealers undetected for months Full Text
Abstract
Threat actors are gearing up for the holidays with credit card skimming attacks remaining undetected for months as payment information is stolen from customers.
BleepingComputer
November 18, 2021
Attackers deploy Linux backdoor on e-stores compromised with software skimmer Full Text
Abstract
Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores. Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation...
Security Affairs
November 12, 2021
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers Full Text
Abstract
Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
Threatpost
November 7, 2021
New Magecart group uses an e-Skimmer that avoids VMs and sandboxes Full Text
Abstract
A new Magecart group leverages a browser script to evade virtualized environments and sandboxes used by researchers. Malwarebytes researchers have spotted a new Magecart group that uses a browser script to evade detection and the execution in virtualized...
Security Affairs
May 31, 2021
WooCommerce Credit Card Skimmer Hides in Plain Sight Full Text
Abstract
The attackers use what appears to be a Google Tag Manager script, a popular service used on many websites, to hide their malicious content, while using base64 encoding for obfuscation.
Sucuri
May 31, 2021
MobileInter: A Popular Magecart Skimmer Redesigned For Your Phone Full Text
Abstract
With nearly three out of every four dollars spent online done via a mobile device, it's no wonder Magecart operators are looking to target this lucrative landscape using MobileInter.
Risk IQ
May 26, 2021
22 Americans Indicted Over Card-Skimming Scam Full Text
Abstract
Nearly two dozen individuals charged with purchasing and using payment cards stolen from national retail chain
Infosecurity Magazine
May 21, 2021
PHP Abused for Web Skimming Attacks Full Text
Abstract
In the first week of May, security researchers raised an alarm about a decade-old supply chain flaw in the PHP package manager that could have put millions of websites at risk.
Cyware Alerts - Hacker News
May 17, 2021
Magecart Goes Server-Side in Latest Tactics Changeup Full Text
Abstract
The latest Magecart iteration is finding success with a new PHP web shell skimmer.
Threatpost
February 24, 2021
Checkout Skimmers Powered by Chip Cards — Krebs on Security Full Text
Abstract
Skimming devices used to hack terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal’s chip reader slot.
Krebs on Security
February 16, 2021
A new Bluetooth overlay skimmer block chip-based transactions Full Text
Abstract
Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing the use of the stripe. The popular investigator Brian Krebs reported the discovery of a new Bluetooth overlay skimmer...
Security Affairs
February 16, 2021
Bluetooth Overlay Skimmer That Blocks Chip — Krebs on Security Full Text
Abstract
The Bluetooth-enabled skimming devices placed over top of payment card terminals interfere with the terminal’s ability to read chip-based cards, forcing customers to swipe the stripe instead.
Krebs on Security
January 22, 2021
Magento PHP Injection Loads JavaScript Skimmer Full Text
Abstract
To avoid getting detected, the skimmer is loaded using the PHP function file_get_contents and an obfuscated URL, while ensuring that the user is on the checkout page and not logged in as admin.
Sucuri
January 7, 2021
US Jails Cuban Credit Card Skimming Crew Full Text
Abstract
Cyber-criminals jailed for $5m skimming attack on Virginia gas pumps
Infosecurity Magazine
January 7, 2021
Cuban Credit Card Skimming Crew Sentenced to Prison Full Text
Abstract
According to court documents, the six conspirators placed credit card skimming devices on gas pumps located in Northampton County within the Eastern District of Virginia.
US Department of Justice
January 1, 2021
Magecart Active Again with New Multi-platform Skimmer Full Text
Abstract
Researchers have found a new credit card skimmer that is capable of affecting multiple e-commerce hosting platforms such as Shopify, Zencart, Woocommerce, and BigCommerce.
Cyware Alerts - Hacker News
December 30, 2020
Multi-platform Credit Card SKimmer hits Shopify, Bigcommerce, and Others Full Text
Abstract
The Cybersecurity and Infrastructure Security Agency (CISA) has created a free tool to identify unusual activity that could have potentially malicious repercussions...
Cyber Security News