A Stealthy Web Skimming Campaign: What You Need to Know
Cybersecurity researchers have uncovered a long-running web skimming campaign that has been active since early 2022, targeting major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. This insidious attack poses a significant threat to online security, particularly for e-commerce sites and payment portals.
Targeted Attacks and Compromised Domains
The campaign, discovered by Silent Push, injects malicious JavaScript into legitimate e-commerce sites and payment portals. The attackers use a domain linked to a now-sanctioned bulletproof hosting provider, Stark Industries (formerly known as PQ.Hosting), which has since rebranded to THE[.]Hosting. That domain, cdn-cookie[.]com, has been found to host highly obfuscated JavaScript payloads, such as "recorder.js" or "tab-gtm.js," that facilitate credit card skimming.
Evasion Techniques and Manipulation Tactics
The skimmer is designed to evade detection by site administrators: it checks for a WordPress toolbar element named "wpadminbar" and, if that element is present, initiates a self-destruct sequence and removes itself from the web page. The skimmer also checks whether Stripe was selected as the payment option and, if so, replaces the legitimate Stripe payment form with a fake one, tricking victims into entering their credit card details.
Data Exfiltration and Impact on Users
The data stolen by the skimmer extends beyond payment details to include names, phone numbers, email addresses, and shipping addresses. The information is eventually exfiltrated by means of an HTTP POST request to the server "lasorie[.]com." Once the data transmission is complete, the skimmer erases traces of itself from the checkout page, restoring the legitimate Stripe input form.
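For site owners, one way to check a checkout page for the indicators described above is shown here as an added example, not code from Silent Push or the article. The function names, the allowlist and the sample HTML are constructed for illustration. Run it on HTML captured from a session without the WordPress admin toolbar, since the skimmer removes itself when it sees "wpadminbar."

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators named in the article, kept defanged in source and refanged at run time.
IOC_DOMAINS = ["cdn-cookie[.]com", "lasorie[.]com"]
IOC_FILES = {"recorder.js", "tab-gtm.js"}

def refang(domain):
    return domain.replace("[.]", ".").lower()

class ScriptSources(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.urls.append(src)

def scan_checkout_html(html, allowed_hosts):
    """Return (url, reason) pairs for script sources that need review."""
    bad = {refang(d) for d in IOC_DOMAINS}
    parser = ScriptSources()
    parser.feed(html)
    findings = []
    for url in parser.urls:
        parts = urlparse(url)
        host = parts.hostname or ""  # empty for same-origin relative URLs
        name = parts.path.rsplit("/", 1)[-1].lower()
        if any(host == d or host.endswith("." + d) for d in bad):
            findings.append((url, "known skimmer domain"))
        elif name in IOC_FILES:
            findings.append((url, "reported payload file name"))
        elif host and host not in allowed_hosts:
            findings.append((url, "host not on allowlist"))
    return findings

# Constructed sample page; the third tag imitates the injection the article describes.
SAMPLE = f"""<html><body>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script src="https://{refang(IOC_DOMAINS[0])}/tab-gtm.js"></script>
<script src="//static.example.net/widget.js"></script>
</body></html>"""

if __name__ == "__main__":
    for url, reason in scan_checkout_html(SAMPLE, {"js.stripe.com"}):
        print(f"{reason}: {url}")
```

A file-name match alone is only a prompt for review, because names such as "recorder.js" can also belong to legitimate scripts.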
Relevance to North East India and the Wider Indian Context
As e-commerce continues to grow in North East India, so does the risk of such cyberattacks. Online shoppers in the region must remain vigilant and practice safe online shopping habits, such as using secure networks, keeping software updated, and monitoring account activity regularly. Furthermore, businesses should prioritize cybersecurity measures to protect their customers' sensitive data.
Looking Forward: Staying Ahead of Cybercriminals
The persistence and sophistication of this web skimming campaign underscore the need for continuous vigilance in the digital world. Cybersecurity providers and law enforcement agencies must collaborate to combat these threats and protect online users. As digital transactions become increasingly prevalent, it is essential to stay informed, stay secure, and stay ahead of cybercriminals.