Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
Skimmers are small snippets of JavaScript code added to checkout pages or loaded from a remote resource to evade detection.
They are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses and then upload the information to the attackers' servers.
Threat actors use the stolen data to perform unauthorized transactions, such as online purchases, or resell it to other cybercriminals on dark web marketplaces.
These attacks can go undetected for weeks or even several months, and depending on the popularity of the breached e-commerce platforms, cybercriminals can collect large numbers of payment card details.
Coordinated by Europol and spearheaded by Greece, a two-month international operation involving law enforcement from 17 countries and private entities such as Group-IB and Sansec identified skimmer infections on 443 websites.
Additional details shared by Group-IB reveal that the operation unearthed 23 distinct families of JavaScript sniffers, including ATMZOW, health check, FirstKiss, FakeGA, AngryBeaver, Inter, and R3nin.
The above families are known for elusive behavior, such as abusing Google Tag Manager to update their malicious code snippets and mimicking Google Analytics code to dodge detection during website code inspections.
This action comes at a critical moment as online shopping activity spikes during the holiday season.
Using digital payment methods or one-time private cards can help minimize the likelihood of having payment card details stolen.
It is also advisable to scrutinize credit card statements for unauthorized charges, which can reveal that a card has been compromised.
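For shop operators, skimmers that are "loaded from a remote resource" or dressed up as analytics code can be surfaced by listing every host a checkout page references in its scripts and comparing that list to an allowlist. The following is an added example, not code from the article or from the organizations it names; the allowlist, vendor keywords, hostnames and sample page are constructed assumptions.

```javascript
// Added example: list script hosts a checkout page references and flag
// any that are not on the shop's allowlist. All names, hosts and the sample
// page below are constructed for illustration.
const ALLOWED_HOSTS = new Set([
  "shop.example",
  "www.googletagmanager.com",
  "www.google-analytics.com",
]);
// Assumption: a host that borrows an analytics vendor's name without being
// the vendor's real host deserves a closer look than other unlisted hosts.
const VENDOR_WORDS = ["google", "analytics", "tagmanager"];

function classify(host) {
  if (ALLOWED_HOSTS.has(host)) return null;
  return VENDOR_WORDS.some((w) => host.includes(w))
    ? "vendor-lookalike"
    : "unlisted-host";
}

function auditCheckoutScripts(html, pageUrl) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const urls = [];
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (src) urls.push({ url: src[1], via: "src" });
    // Inline code can fetch a second stage, so check URL literals in it too.
    for (const [lit] of body.matchAll(/(?:https?:)?\/\/[a-z0-9.-]+\.[a-z]{2,}[^\s"'`)]*/gi)) {
      urls.push({ url: lit, via: "inline" });
    }
    for (const { url, via } of urls) {
      const host = new URL(url, pageUrl).hostname.toLowerCase();
      const reason = classify(host);
      if (reason) findings.push({ host, via, reason });
    }
  }
  return findings;
}

// Constructed sample checkout page.
const SAMPLE_PAGE = `
<script src="/static/checkout.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="https://google-analytics.cdn-metrics.example/ga.js"></script>
<script>var s=document.createElement("script");
s.src="//pay-stats.example/c.js";document.head.appendChild(s);</script>`;

console.log(auditCheckoutScripts(SAMPLE_PAGE, "https://shop.example/checkout"));
```

An allowlisted tag manager host can still deliver changed content, so a host audit like this complements, rather than replaces, reviewing what those containers load.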
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 22 Dec 2023 14:55:16 +0000