- The researchers found more than four dozen e-commerce sites infected with a credit card skimmer
- The skimmer abused a deprecated Stripe API to validate the information
- Users are recommended to migrate to the new API
Legacy Stripe APIs are being hijacked to process fraudulent payments made on compromised e-commerce websites, experts warned.
Cybersecurity researchers at Jscrambler have outlined a campaign that has been ongoing since at least August 2024, with at least 49 e-commerce sites compromised by a credit card skimmer.
However, the final number of victims is much larger, since the investigation is still ongoing.
“Sophisticated campaign”
On these 49 websites, the attackers injected malicious JavaScript code that overlaid the legitimate payment page with a fake one. The overlaid page then harvested people's payment information and, at the end, displayed a fake error asking them to reload the page.
The attackers would use an old Stripe API, called "api.stripe[.]com/v1/sources", to process payments.
Jscrambler says that attackers could "easily do it later as well", using carding bots or dark web services.
However, there are benefits in doing so on the client side, mainly since all websites were already using the API as part of their normal payment flow.
In addition, many security tools and researchers often use invalid credit card details as part of their work, so not stealing data in these cases makes the skimmer less likely to be detected.
It is not known how these websites were compromised, but Jscrambler speculates that the attackers probably abused different vulnerabilities and misconfigurations. WooCommerce, WordPress and PrestaShop sites were attacked.
“This sophisticated web skimming campaign highlights the evolving tactics used by attackers to remain undetected,” the researchers said. “And as a bonus, they effectively filter non-valid credit card data, ensuring that only valid credentials are stolen.”
The best way to mitigate this risk is to use the most recent Stripe API to process information. The API abused in these attacks was deprecated in favor of the PaymentMethods API in May 2024.
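An added example, not from Jscrambler or Stripe: a site owner's audit that scans request records captured from their own checkout page for calls to the deprecated /v1/sources endpoint. The record fields (method, url, initiator) and the rule that calls not initiated by js.stripe.com deserve investigation are assumptions made for this sketch.

```javascript
// Constructed sample: requests captured from a checkout page, e.g. reduced
// from a browser HAR export. The field names are assumptions of this example.
const sampleRequests = [
  { method: "POST", url: "https://api.stripe.com/v1/payment_methods", initiator: "https://js.stripe.com/v3/" },
  { method: "POST", url: "https://API.stripe.com/v1/sources?x=1", initiator: "https://shop.example/wp-content/cache/min.js" },
  { method: "GET", url: "https://api.stripe.com/v1/sources/src_TEST/", initiator: "https://js.stripe.com/v3/" },
  { method: "POST", url: "https://api.stripe.com.lookalike.example/v1/sources", initiator: "https://shop.example/app.js" },
  { method: "POST", url: "not a url", initiator: "" },
];

const LEGACY_HOST = "api.stripe.com";
const LEGACY_PATH = /^\/v1\/sources(\/|$)/; // the endpoint itself or an object under it
const STRIPE_JS_ORIGIN = "https://js.stripe.com";

// Parse defensively: capture data often contains blank or malformed values.
function parseUrl(value) {
  try { return new URL(value); } catch { return null; }
}

// Returns one finding per request that reaches the deprecated Sources endpoint.
// "migrate": the call comes from Stripe's own script (legacy integration).
// "investigate": some other script on the page is talking to the endpoint.
function findLegacySourcesCalls(requests) {
  const findings = [];
  for (const req of requests) {
    const url = parseUrl(req.url);
    if (!url) continue;
    // Exact host match (URL lowercases it) so lookalike hosts are not counted.
    if (url.hostname !== LEGACY_HOST || !LEGACY_PATH.test(url.pathname)) continue;
    const init = parseUrl(req.initiator);
    const fromStripeJs = init !== null && init.origin === STRIPE_JS_ORIGIN;
    findings.push({
      method: req.method,
      path: url.pathname,
      initiator: req.initiator || "(unknown)",
      severity: fromStripeJs ? "migrate" : "investigate",
    });
  }
  return findings;
}

console.log(findLegacySourcesCalls(sampleRequests));
```

Once a site has moved to the PaymentMethods API, any finding from this check is an anomaly worth reviewing.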
Via The Hacker News