Security experts have discovered a multi-platform credit card skimmer that can allow threat actors to harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.
Researchers from security firm Sansec discovered that the new software skimmer is able to interact with the checkout process on shops running on top of multiple online store management systems.
Once the customers have provided their credit card data, the skimmer will throw an error and redirects customers to the real payment page to avoid raise suspicion.
This campaign outstands because it targets so many different platforms, hackers may have breached a shared component used by all affected merchants.
Experts pointed out that this multi-platform skimmer uses programmatically generated exfiltration domains.
“It keeps a counter and uses base64 encoding to produce a new domainname.” continues the report. “This will lead to, for example, these exfiltration domains.”
The first exfiltration domains was registered on August 31, 2020.
“To summarize: this campaign shows that platforms are no boundary to the profitable fraud of online skimming,” Sansec concludes. “Wherever customers enter their payment details, they are at risk.”
Sansec researchers have spotted multiple Magecart campaigns using new evasion techniques. In early December they have uncovered a campaign that was hiding the malware in CSS files.
The experts analyzed multiple Magecart attack techniques over the past months, attackers compromised websites by hiding malicious code in multiple components of the sites, including live chat windows, images, and favicons.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Multi-platform card skimmer)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.