Researchers have discovered a web skimming malware that hides in plain sight to inject payment card skimmer scripts into compromised online stores. It uses malicious payloads concealed as social media buttons that mimic platforms such as Facebook, Twitter, and Instagram.

Experts Comments

December 04, 2020
Ameet Naik
Security Evangelist
PerimeterX
Digital skimmers are constantly evolving new methods to evade detection by scanners. PerimeterX researchers have seen code obfuscation tool kits like Caesar+ used to hide the logic, and thus the true intent of malicious code, as well as the use of steganography where code is hidden in images and other innocuous resources. While scanners are a useful tool for analyzing a website for vulnerabilities, attacks such as these can fly under the radar, leading to weeks-long infections that leak thousands of credit card numbers from e-commerce sites. These credit card numbers are sold on the dark web, fueling an endless cycle of payment fraud with costs ultimately borne by the online merchants. Businesses need full runtime visibility into their customer-facing websites to detect and stop such attacks. Client-side application security solutions can provide continuous visibility into all script activity on a website, making it near impossible for digital skimming attacks to hide. Consumers must continue to monitor their credit card transactions and immediately report any suspicious activity to their card issuer.
