Skimming code steal credit card information of payment from E-commerce websites

Many of E-commerce sites infected with the malicious skimming code that steals the customer payment card information from checkout pages. The malicious code found inserted with the number of e-commerce websites providing various services such as ticketing, touring, flight booking services and shopping cart sites.As stated in the researcher analysis report, 250 and many more e-commerce sites found injected with the malicious skimming codes. With further analysis, researchers observed that e-commerce websites are not directly compromised.

The skimming codes are injected complete the third-party JavaScript library provided by the French online advertising company Adverline. This grant the website that embedded with third-party libraries to load the skimming code.Unequal other online skimmer groups that directly compromise their target’s shopping cart platforms, Magic art Groups 5 and 12 attack third-party services used by e-commerce websites by injecting skimming code to JavaScript libraries they provide.

The inserted skimmer script capable of reading the payment details entered on the checkout pages by the users and send the data to the attacker’s server. With Adverline’s case, Magic art Group 12 embedded the skimming toolkit employs two obfuscated scripts, the first script capable of reverse engineering and the second one is the skimmer.

The first script constantly checks for browser debugger console and cleaned the messages to deter detection and analysis. Second script checks for the pages that contain following strings such as “checkout,” “billing,” and “purchase.If the script catches any of the targeted string the script will get executed and perform the skimming activity. The captured payment data including any number, e-commerce website’s domain are sent through HTTP post request with Base64 coding.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.