Researchers from Akamai discovered a new skimmer attack that is targeting several e-stores with a new technique to exfiltrate data.
Threat actors are using a fake credit card form and WebSockets to steal users’ financial and personal information.
“Online stores are increasingly outsourcing their payment processes to third-party vendors, which means that they don’t handle credit card data inside their store. To overcome this, the attacker creates a fake credit card form and injects it into the application’s checkout page. The exfiltration itself is done by WebSockets, which provide the attacker a more silent exfiltration path.” reads the post published by Akamai.
The attackers use Cloudflare’s API to obtain the user’s IP address, then open a WebSocket connection to exfiltrate sensitive information from the checkout, login, and new account registration pages.
Experts noticed that for e-stores that handle the payment process through a third-party provider, the skimmer creates a fake credit card form in the page before the user is redirected to the third-party vendor.
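One way for a store owner to surface the WebSocket exfiltration path described above is to audit every WebSocket opened on checkout, login and registration pages against an allowlist. This is an added example, not code from Akamai's post or from Page Integrity Manager; the path patterns, the allowlist and the `report` callback are assumptions.

```javascript
// Added example: audit WebSocket connections opened on sensitive pages.
// SENSITIVE_PATHS, the allowlist and the report callback are assumptions.
const SENSITIVE_PATHS = [/checkout/i, /login/i, /register/i];

function isSensitivePage(pathname) {
  return SENSITIVE_PATHS.some((re) => re.test(pathname));
}

// Decide whether a WebSocket target is expected for this site.
function classifySocket(url, pageUrl, allowedHosts) {
  let target;
  try {
    target = new URL(url, pageUrl); // resolve relative URLs against the page
  } catch (err) {
    return { allowed: false, host: null, reason: "unparseable-url" };
  }
  const host = target.hostname.toLowerCase();
  if (allowedHosts.has(host)) return { allowed: true, host, reason: "allowlisted" };
  return { allowed: false, host, reason: "host-not-allowlisted" };
}

// Wrap win.WebSocket so every construction is checked before it proceeds.
// The connection is not blocked; this is telemetry. Returns an uninstall function.
function installWebSocketMonitor(win, allowedHostList, report) {
  const NativeWebSocket = win.WebSocket;
  const allowedHosts = new Set(allowedHostList.map((h) => h.toLowerCase()));
  win.WebSocket = new Proxy(NativeWebSocket, {
    construct(target, args, newTarget) {
      const verdict = classifySocket(String(args[0]), win.location.href, allowedHosts);
      if (!verdict.allowed && isSensitivePage(win.location.pathname)) {
        report({
          page: win.location.pathname,
          host: verdict.host,
          reason: verdict.reason,
          stack: new Error().stack, // helps attribute the calling script
        });
      }
      return Reflect.construct(target, args, newTarget);
    },
  });
  return () => { win.WebSocket = NativeWebSocket; };
}
```

The monitor only sees scripts that look up `WebSocket` after it is installed, so it has to load before any third-party script; a CSP `connect-src` directive that lists the permitted `wss:` hosts is the enforcing counterpart to this telemetry.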
“Akamai sees new and subtly modified web application client-side attacks, such as this example, on nearly a weekly basis. Given the obfuscated nature and supply chain origination of in-browser attacks, traditional CSP-reliant approaches miss most of these types of attacks.” concludes the company.
“Our security portfolio has embraced and invested in bringing to market a web skimming protection product called Page Integrity Manager, which focuses on the script execution behavior with unprecedented visibility into the runtime environment. It collects information about the different scripts that run in the web page, each action they take, and their relation to other scripts in the page. Pairing this data with our multilayered detection approach — leveraging heuristics, risk scoring, AI, and other factors — allows Page Integrity Manager to detect different types of client-side attacks, with a high focus on data exfiltration and web skimming attacks.”
(SecurityAffairs – hacking, web skimmer)