
This Keylogger Might Be Stealing Your Credit Card Details from Ecommerce Websites


Web-based keyloggers are the new buzz in hacker circles. Attackers have planted these keyloggers in popular ecommerce websites and are using them to steal credit card data. According to a study conducted by RiskIQ and ClearSky, at least 100 compromised sites have been identified so far. The report says the number could run into the thousands.

The report identifies popular ecommerce sites such as Everlast Worldwide and FidelityStore as infected with these web-based keyloggers. It further says that credit card details are stolen in real time while the user is making a purchase. This is not the first time such web-based keyloggers have been identified. In fact, researchers had previously unearthed keyloggers that could exploit a vulnerability in the open source Magento ecommerce platform. The newer versions, however, target not only Magento but other platforms as well, including Powerfront CMS and OpenCart.


The researchers have not yet been able to pinpoint the exact vulnerability the attackers are exploiting. However, they have worked out the attack flow. The attack starts with the attackers placing a simple script tag on the target ecommerce website. The script tag contains code that triggers a chain of actions, including the execution of malicious JavaScript hosted on a remote server.

When a user shops on the ecommerce website and proceeds to checkout, the script tag detects it and injects the keylogger JavaScript from an external domain. As soon as the credit card data is entered, it is forwarded to the attacker-controlled domain. The report also highlights the sophisticated nature of these attacks. It says that injecting the JavaScript from a remote domain allows the attacker to modify the malware's source code without needing to infect the site again. The attack method further ensures that the credit card data is new and valid and that the accounts have funds available.
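A defensive check for the injection pattern described above, as an added example that is not from the RiskIQ and ClearSky report: it audits a checkout page's HTML for script tags that load from hosts outside an allowlist, or from another host without a Subresource Integrity attribute. The host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this shop intentionally loads scripts from (constructed).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}


class ScriptAudit(HTMLParser):
    """Collect every <script src=...> together with its integrity attribute."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if src:
            self.scripts.append((src, a.get("integrity")))


def audit_page(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Flag scripts from unlisted hosts, or cross-host scripts without SRI."""
    parser = ScriptAudit()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        host = (urlparse(src).hostname or page_host).lower()  # relative URL -> page host
        if host not in allowed:
            findings.append(("unlisted-host", src))
        elif host != page_host and not integrity:
            findings.append(("no-integrity", src))
    return findings


# Constructed checkout page: the last tag stands in for an injected loader.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/static/cart.js"></script>
<script src="https://cdn.shop.example/pay.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.shop.example/ui.js"></script>
<script src="//stats.unknown-host.example/c.js"></script>
</head><body><form id="checkout"></form></body></html>
"""

if __name__ == "__main__":
    for kind, src in audit_page(SAMPLE_CHECKOUT, "shop.example"):
        print(kind, src)
```

A static audit like this only sees tags present in the served HTML; scripts added to the page at run time need a browser-enforced control such as a Content-Security-Policy `script-src` allowlist.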

Such attacks are not new, but a dangerous trend is on the rise. Customers should collectively exert pressure on ecommerce websites to maintain the highest standards of security and to assure them that their sensitive data is not being stolen.
