Card Skimmers Have New Tricks up Their Sleeves

The card skimming landscape continues to evolve as cybercriminals learn new techniques to avoid detection.

Online shoppers, beware!

  • Unsuspecting online shoppers may visit a site that has been infected with a web skimmer and make purchases, unintentionally handing over their payment details to criminals.
  • Skimming code is inserted seamlessly into shopping sites, and only those equipped with proper networking tools or a keen eye for tiny details can notice any malicious activity.
  • The skimmers become active on payment pages and stealthily exfiltrate personal and financial data entered by the customers.

A pack of new tricks

  • Skimming attacks have become increasingly sophisticated as skimmers have learned new ways to stash malicious JavaScript in e-commerce sites. Threat actors are exploiting vulnerabilities present in such websites to install skimming malware and gain access to the form fields submitted by customers.
  • Skimmers look for input-field names on webpages to decide what data to exfiltrate. They use communication services for the exfiltration, which is triggered when the browser’s current URL contains a keyword indicative of a shopping website and when users validate their purchases.

Recent skimming attacks

  • The third-largest global music recording company, Warner Music Group (WMG), disclosed a data breach showing signs of a Magecart attack. Reportedly, multiple WMG e-commerce websites, hosted and supported by an external service provider, were compromised, enabling hackers to steal customers’ personal information entered into those sites.
  • In a recent attack, Magecart credit card skimmers used Telegram as a channel for sending stolen credit card information back to their C2 servers. They exfiltrated the payment details using Telegram’s API and posted them into a chat channel. The skimmers used simple Base64 encoding to encode the bot ID, the channel, and the Telegram API request.
  • The American Payroll Association (APA) reported a skimming attack in which hackers installed skimming malware on its website’s login page as well as the checkout section by abusing a vulnerability in its CMS. In the incident, attackers gained access to customers’ login credentials, personal information, and payment card details.
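
For site owners reviewing their own scripts, the Base64-encoded Telegram references described in the second item above can be surfaced with a static scan. The following is an added example, not code from the original article or from any incident: the indicator patterns, the function names and the sample script are assumptions constructed for illustration.

```javascript
// Added example: flag Base64 string literals in a script that decode to
// Telegram Bot API references. Indicator patterns are assumptions.
const INDICATORS = [
  /api\.telegram\.org/i,                // Bot API host
  /\/bot[^\/\s]+\/send\w+/i,            // /bot<token>/send... request path
  /^\d{6,}:[A-Za-z0-9_-]{30,}$/,        // heuristic: bot-token-shaped string
];

// Quoted literals of 16+ Base64 characters, with optional padding.
const B64_LITERAL = /(["'`])([A-Za-z0-9+\/]{16,}={0,2})\1/g;

// Decode a candidate; return null unless the result is printable ASCII,
// which filters out literals that only happen to look like Base64.
function decodeBase64(text) {
  if (text.length % 4 !== 0) return null;
  const decoded = Buffer.from(text, "base64").toString("latin1");
  return /^[\x20-\x7e]+$/.test(decoded) ? decoded : null;
}

// Return one finding per literal whose decoded form matches an indicator.
function findEncodedTelegramRefs(source) {
  const findings = [];
  for (const match of source.matchAll(B64_LITERAL)) {
    const decoded = decodeBase64(match[2]);
    if (decoded === null) continue;
    if (!INDICATORS.some((re) => re.test(decoded))) continue;
    const line = source.slice(0, match.index).split("\n").length;
    findings.push({ line, literal: match[2], decoded });
  }
  return findings;
}

// Constructed sample input (not from a real incident); the token is a placeholder.
const encode = (s) => Buffer.from(s, "latin1").toString("base64");
const SAMPLE_SCRIPT = [
  "// constructed checkout script fragment",
  `var endpoint = atob("${encode("https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage")}");`,
  `var logo = atob("${encode("images/store-logo-large.png")}");`,
  'var sku = "ABCDEFGHIJKLMNOPQRST";',
].join("\n");

for (const f of findEncodedTelegramRefs(SAMPLE_SCRIPT)) {
  console.log(`line ${f.line}: ${f.decoded}`);
}
```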

Final thoughts

As always, organizations need to adopt best-of-breed tools and methodologies to keep pace with skimming attacks. E-commerce vendors in particular need to step up their game to thwart such cyberattacks and maintain the trust of their customers. By taking a proactive approach, security researchers and online merchants can collaboratively overcome skimming attacks.