How are Credit Card Skimming Attacks Thriving During the COVID-19 Crisis?

  • Web skimming attacks have increased by 26 percent in March alone compared to previous months.
  • Web skimming - primarily linked to the Magecart threat actor groups - is the process of stealing customer data, including credit card information, from e-commerce sites.

Crisis events such as the current COVID-19 pandemic often prompt cybercriminals to launch sophisticated attacks against organizations. With confinement measures imposed across several countries, online shopping activity has soared, and along with it, credit card skimming.

According to a report from Malwarebytes, web skimming attacks have increased by 26 percent in March alone compared to previous months. Web skimming - primarily linked to the Magecart threat actor groups - is the process of stealing customer data, including credit card information, from e-commerce sites. Given the flexibility and the ease with which the process is deployed, many other hacker groups have also begun weaponizing the skimmer code to steal sensitive details of customers.

Preview of attacks in the past two months
  • Two high-profile victims that experienced a flurry of web skimming attacks were NutriBullet and Tupperware. The attack against the popular blender vendor, NutriBullet, began on February 20 and was carried out by criminal actors identified as Magecart Group 8. RiskIQ explained that the JavaScript-based skimmer injected into the website had been used by the group since 2018.
  • The food storage container manufacturer, Tupperware, fell victim to a web skimming attack on March 20. The malicious iframe injected into the Tupperware sites collected shoppers’ first and last names, billing addresses, credit card expiry dates, telephone numbers, and CVV numbers.
  • The notorious Magecart Group 12 was also found to be part of an ongoing campaign that had been active since September 2019, with the last infection date detected on February 19, 2020. The skimmer, hosted on ‘jquerycdn.su’, was used to infect as many as 40 new websites.
  • For 30 months, until February 2020, an online printing platform, Reprint Mint, was infected several times with a variety of skimmer code designed to pilfer customers' card information. These skimmers connected to different C2 servers to send back data collected from the website.
  • A new digital skimmer, dubbed ‘MakeFrame’, was spotted in the first week of April 2020. Researchers uncovered that the skimmer had successfully compromised at least 19 different e-commerce websites to steal payment card details of customers.

Minimizing risk
As there is no proper answer on how to thwart web skimming, it is up to online merchants and shoppers to avoid falling victim to such attacks. Meanwhile, some basic security measures, such as keeping the platform up to date and actively tracking web skimmers with additional protection systems, can minimize the chances of card skimming attacks.
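
One way a merchant could track the injected scripts and iframes described above is to audit the checkout page's external sources against an allowlist. The following is an added example, not code from the article or from any vendor it cites; the shop hostnames, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this hypothetical shop expects to serve scripts and frames (assumption).
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "pay.gateway.example"}

class ExternalSourceCollector(HTMLParser):
    """Collect (tag, host, url) for every <script src> and <iframe src>."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return
        # Protocol-relative URLs (//host/path) still yield a hostname here.
        host = (urlparse(src.strip()).hostname or "").lower()
        self.sources.append((tag, host, src))

def unexpected_sources(html, page_host, allowed=ALLOWED_HOSTS):
    """Return sources whose host is neither the page's own nor allowlisted."""
    parser = ExternalSourceCollector()
    parser.feed(html)
    findings = []
    for tag, host, src in parser.sources:
        host = host or page_host  # relative URL: same origin as the page
        if host != page_host and host not in allowed:
            findings.append((tag, host, src))
    return findings

# Constructed sample checkout page, not taken from any real site.
SAMPLE = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://cdn.shop.example/jquery.min.js"></script>
<script src="//jquerycdn.su/jquery.min.js"></script>
</head><body>
<iframe src="https://pay.gateway.example/form"></iframe>
<iframe src="https://checkout-frame.example.net/pay"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for tag, host, src in unexpected_sources(SAMPLE, "shop.example"):
        print(f"unexpected <{tag}> source: {host} ({src})")
```

This check only sees tags present in the served HTML; inline code and scripts added at runtime need complementary controls such as a Content-Security-Policy.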