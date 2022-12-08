A web skimming effort that has been going on for at least a year has been found by Jscambler. According to the security provider, the operation has hacked around 40 e-commerce sites. A gang known as “Group X” is behind the effort and is accused of transferring the stolen card information to a server in Russia. The hackers broke into the targeted website using a supply-chain strategy. According to Jscrambler, the hackers took advantage of Cockpit, a JavaScript package that provides free web marketing and analytics services. The service was reportedly suspended in December 2014, several years ago.

Attack Technique

They purchased the domain name that was used to host the library and utilized it to deliver a skimming script at the same URL. Over 40 e-commerce websites were compromised by the attackers who were able to deploy malicious code by re-registering the expired domain.

Vendor Claimed

The vendor claimed that failing to take down outdated libraries like these from websites frequently results in vulnerable dead links. Poor security procedures and a lack of understanding of third-party code are to blame, it was claimed.

According to Jscrambler, “the majority of security teams don’t have access into this third-party code that is running on their website; they don’t know if it’s functioning as it should or improperly — whether mistakenly or deliberately.”