According to researchers, an uptick was spotted in three hiding methods, namely injection of the scripts in images, script spoofing, and string concatenation to make the skimmers stealthier or undetected.
The string concatenation obfuscation is used by attackers to load the skimmer from a domain controlled by them using an implant on the targeted site.
The script spoofing trend is masking the skimmers as Meta Pixel (Facebook Pixel) or Google Analytics, two widely used visitor tracking tools that exist on almost all websites.
Stealthy skimmers limit the effectiveness of threat detection products and increase threat levels to customers. As observed in the ongoing campaign, the attackers are obfuscating their code snippets, injecting them into image files, and masquerading as web applications.
What to do?
Along with active scanning and detection of threats, website admins are suggested to make sure to run the latest version of their CMS and plugins. Meanwhile, customers are advised to use one-time-use private cards and strict payment limits to better protect their hard-earned money from getting stolen.