A sophisticated web skimming campaign employs a novel technique that leverages Stripe’s legacy API to validate payment card details before exfiltration. This tactic ensures attackers collect only valid payment information, making their operation more efficient while reducing the chances of detection. Second, since security researchers often use invalid card details in their investigations, validating cards helps attackers avoid detection.

In a report shared with Cyber Security News, Jscrambler researchers highlighted that the attack operates through a multi-stage process designed to evade detection while harvesting payment information. In the initial stage, threat actors exploit vulnerabilities in e-commerce platforms like WooCommerce and WordPress to inject a malicious loader script disguised as Google Analytics, specifically the “GAO” (GoogleAnalyticsObjects) variant observed in previous campaigns. In the final stage, the skimmer performs several critical actions: it hides the legitimate Stripe iframe, overlays it with a malicious clone, and duplicates the “Place Order” button. When users enter their payment information, the skimmer validates the card details using Stripe’s API before exfiltrating the data to attacker-controlled servers.

As this campaign continues to evolve, security experts recommend that all online merchants prioritize client-side security to protect both their businesses and customers from these increasingly sophisticated threats.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 14:35:19 +0000