Credit Card Thieves Use More Advanced Techniques, Microsoft Says

Share post:

According to Microsoft researchers, threat actors are using advanced techniques to hide their info-stealing code while simultaneously siphoning off credit cards information.

The attackers now disguise their code snippets, inject them into image files and disguise them as popular web applications to avoid detection.

Payment card skimming is a web-based attack in which hackers inject malicious JavaScript code into e-commerce websites by exploiting a vulnerability or poor security practices.

Microsoft’s researchers identified an increase in the use of three evasion methods which include inserting the scripts in images, string concatenation and script spoofing.

By injecting the scripts in images, malicious files disguised as favicons are uploaded to the target server. Their contents include a PHP script with a base64-encoded JavaScript. The script runs to identify the checkout page, performs a check to exclude the administrator, and then submits a fake form to legitimate site visitors.

Script spoofing involves attackers masquerading as Google Analytics or Meta Pixel (Facebook Pixel). Threat actors inject base64-encoded strings inside a fake Google Tag Manager code and trick admins into skipping the inspection, which is possible because admins believe it is part of the site’s default code.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs


Related articles

Google delays launch of new AI model Gemini

Google's highly anticipated AI model, Gemini, has had its launch rescheduled to early 2024, as reported by The...

Cyber Security Today, Week in Review for Friday, December 1, 2023

This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms w

Cyber Security Today, Dec. 1, 2023 podcast – More on compromises

This episode reports on the sanctioning of the Sinbad crypto mixe

All Okta customer support users had their email addresses copied

Identity and access provider Okta now says the threat actor who accessed its customer help desk system last month got the names and email addresses of all contacts of organizations that use its support system. Originally, the company said that, after an investigation, it determined only one per cent of the contacts from its 18,000

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways