Web skimming hackers infiltrate over 40 ecommerce websites - that we know of

Web skimming attacks are becoming more prevalent, experts warn


A new set of web skimming attacks has been discovered by JavaScript monitoring company Jscrambler, including attacks using methods that are reportedly unrecognizable.

In a blog post, the company outlined how it detected a web skimming attack on a discontinued web marketing and analytics service (Cockpit), which occurred through the acquisition of its domain name. The domain name has not been in use since 2014.

The Group X skimmers were able to compromise over 40 ecommerce websites, and the data collected from the sites was encoded, encrypted and sent to an exfiltration server based in Russia, according to Jscrambler.

Active web skimming attacks

The vendor mentions that once the cyber-criminals successfully exfiltrate the data of the webpage’s original elements, they inject their own fake elements, impersonating a credit card submission form.

With this method, any data entered by the user will continue to be gathered and leaked every time there is a click on the page.

Jscrambler also found two other web skimming groups - Group Y and Group Z, with Group Y reportedly using a similar skimmer to Group X, while Group Z used a modified server structure for its attacks.

Web skimming, also known as Magecart attacks, occurs when hacker groups use online skimming techniques for the purpose of stealing personal data from websites. The hackers mostly target credit card information on sites that accept online payment or personal customer information.

The blog post mentions that there’s a chance that some websites were using a Content Management System (CMS) or a website generator provider that was injecting the third-party script into their pages.

“In that case, they might be unable to remove the library from their websites due to restricted permissions or lack of knowledge,” Jscrambler wrote.
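The following Python script is an added example, not code from the article or from Jscrambler. It inventories a page's external script tags and flags third-party includes whose host is not on a reviewed list or that lack a Subresource Integrity attribute, which is the kind of stale include described above. The sample HTML, host names and approved list are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample checkout page; every host below is a placeholder.
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.vendor-a.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="//analytics.retired-vendor.example/tracker.js"></script>
<script src="https://widgets.vendor-b.example/w.js"></script>
<script>var inline = 1;</script>
"""
PAGE_URL = "https://shop.example/checkout"
# Hosts the site owner has reviewed and still has a relationship with (assumed).
APPROVED_HOSTS = {"cdn.vendor-a.example", "widgets.vendor-b.example"}

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit_scripts(html, page_url, approved_hosts):
    """Return [(absolute_src, [issues])] for third-party scripts with issues."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for src, integrity in collector.scripts:
        absolute = urljoin(page_url, src)  # resolves relative and // URLs
        host = urlparse(absolute).hostname
        if host == page_host:
            continue  # first-party script, out of scope here
        issues = []
        if host not in approved_hosts:
            issues.append("host not on approved list")
        if not integrity:
            # Without SRI the browser runs whatever the host serves today.
            issues.append("no integrity attribute")
        if issues:
            findings.append((absolute, issues))
    return findings

if __name__ == "__main__":
    for url, issues in audit_scripts(SAMPLE_HTML, PAGE_URL, APPROVED_HOSTS):
        print(url, "->", "; ".join(issues))
```

Hosts flagged as unapproved are the ones to check for lapsed or re-registered domains and to remove from the page or CMS template.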

In November 2022, the UK’s National Cyber Security Centre (NCSC) alerted over 4,000 small business websites about the compromised payment portals on their ecommerce platforms, ahead of Black Friday - the busiest time for online retailers.

Abigail is a B2B Editor that specializes in web hosting and website builder news, features and reviews at TechRadar Pro. She has been a B2B journalist for more than five years covering a wide range of topics in the technology sector from colocation and cloud to data centers and telecommunications. As a B2B web hosting and website builder editor, Abigail also writes how-to guides and deals for the sector, keeping up to date with the latest trends in the hosting industry. Abigail is also extremely keen on commissioning contributed content from experts in the web hosting and website builder field.