Security researchers at IBM X-Force IRIS have found evidence of Magecart skimmers targeting commercial layer 7 (L7) routers to steal payment card details of users. Up until now, Magecart-specific code was only delivered at the website level, with web skimmers hiding the code inside PHP or JavaScript files. But researchers say they have found hackers designing and testing malicious scripts that they can inject onto L7 routers – potentially exposing guests connecting to Wi-Fi hotspots to payment data theft.
Full story here: https://www.computing.
co.uk/ctg/news/3081983/ magecart-routers-wifi
Injecting JavaScript payloads into the connections of unsuspecting hotel guests is a huge win for scammers looking to gain access to sensitive data or resources. In addition to being able to completely alter the look and behavior of unprotected sites, JavaScript can initiate functions which persist across network changes potentially giving attackers access to restricted networks. Consider for example someone using the WiFi from a hotel while on a business trip to a satellite office. JavaScript loaded from this hotel WiFi may actually remain executing (through WebWorkers or open tabs) the following morning when the same computer is connected to the corporate intranet. This JavaScript can now, to some extent, relay connections through the unsuspecting employee laptop and onto network resources.