Card Skimmer Group Replaces Checkout Page to Steal Payment Info
A payment service platform’s checkout page was recently cloned by the threat actors behind a web skimming campaign that harvested and stole credit card information from an online shop’s customers.
It is being reported that a payment service platform’s checkout page was recently cloned by the threat actors behind a web skimming campaign that harvested and stole credit card info from an online shop’s customers. Malwarebytes Jérôme Segura, who observed the campaign, noticed that is didn’t bother with trying to scrape the info entered by buyers into the store’s forms, but instead went straight to the PSP, effectively replacing its checkout page with a cloned one to intercept and collect the shoppers’ credit card data. This makes this attack a hybrid between skimming and phishing operations since the attackers didn’t just limit their attacks to the store’s PSP to harvest financial info, but effectively phished it out of the virtual hands of their targets using an external PSP’s cloned checkout page.
Deepak Patel, security evangelist at PerimeterX:
“The attack is a call to action for all retailers, travel and hospitality sites, and any site that takes payment information: you must take a new approach to secure user data, starting this holiday season. Attackers continue to exploit unpatched and zero-day vulnerabilities on servers to inject skimming code on websites. It is essential to patch systems and deploy server-side defenses. It is also clear that real-time client-side visibility of script execution is the need of the hour.”