Researchers have discovered web skimming malware that hides in plain sight to inject payment card skimmer scripts into compromised online stores. It uses malicious payloads disguised as social media buttons that mimic platforms such as Facebook, Twitter, and Instagram.
Digital skimmers are constantly evolving new methods to evade detection by scanners. PerimeterX researchers have seen code obfuscation toolkits like Caesar+ used to hide the logic, and thus the true intent, of malicious code, as well as steganography, where code is hidden in images and other innocuous resources. While scanners are a useful tool for analyzing a website for vulnerabilities, attacks such as these can fly under the radar, leading to weeks-long infections that leak thousands of credit card numbers from e-commerce sites. These credit card numbers are sold on the dark web, fueling an endless cycle of payment fraud with costs ultimately borne by the online merchants.
Businesses need full runtime visibility into their customer-facing websites to detect and stop such attacks. Client-side application security solutions can provide continuous visibility into all script activity on a website, making it nearly impossible for digital skimming attacks to hide. Consumers must continue to monitor their credit card transactions and immediately report any suspicious activity to their card issuer.