Credit card skimming campaign targeting e-commerce websites

Started by Kalyan, Jul 21, 2020, 01:41 AM

Previous topic - Next topic

Kalyan

Credit card skimming campaign targeting e-commerce websites

Researchers at the cybersecurity firm found over a dozen websites which have been compromised with malicious code injections into one of their legitimate JavaScript libraries

Indian Computer Emergency Response Team (CERT-In) on Saturday issued a public warning about a credit card skimming campaign spread through sports, health and e-commerce websites.

In an official post, CERT-In explains attackers are targeting websites hosted on Microsoft's IIS server running with ASP.NET web application framework (used to develop web apps and services).

The problem lies with version 4.0.30319 of ASP.NET which is no longer officially supported by Microsoft and contains multiple vulnerabilities which makes it easier for attackers to exploit them.

CERT-In has advised websites using ASP.NET web framework and IIS web server to use the latest version and conduct security audits of web application, web server and database server, in addition to checking web server directories regularly for any malicious web shell files and remove them before they can be exploited.

CERT-In refers to a recent Malwarebytes Labs report, which found a known vulnerability (CVE-2017-9248) for ASP.NET that has been exploited recently to steal credit card credentials.

Researchers at the cybersecurity firm found over a dozen websites which have been compromised with malicious code injections into one of their legitimate JavaScript libraries.

ASP.NET is a widely used web application framework by websites running shopping cart applications. The compromised websites found by Malwarebytes Labs had a shopping cart which was targeted by attackers.

The skimmer codes injected into the JavaScript libraries are designed to steal credit card numbers as well as passwords.

Researchers point out, the skimming campaign started sometime in April.

Due to covid-19 online transactions and payments have increased considerably. This has widened the attack surface for hackers. While CERT-IN's warning was specific to a few websites that were using the outdated web server framework, in another recent instance attackers have been found to be targeting mobile apps to steal card details.

Cybersecurity firm ThreatFabric has recently detected a new malware called BlackRock which has targeted over 337 Android apps.

It uses overlays (fake window) with keylogger functionality on top of a legitimate app prompting users to enter card details to get access into the app. As the users enter the card details the keylogger captures them to forward to attackers.


source - live mint