Credit Card Thieves Use More Advanced Techniques, Microsoft Says

Share post:

According to Microsoft researchers, threat actors are using advanced techniques to hide their info-stealing code while simultaneously siphoning off credit cards information.

The attackers now disguise their code snippets, inject them into image files and disguise them as popular web applications to avoid detection.

Payment card skimming is a web-based attack in which hackers inject malicious JavaScript code into e-commerce websites by exploiting a vulnerability or poor security practices.

Microsoft’s researchers identified an increase in the use of three evasion methods which include inserting the scripts in images, string concatenation and script spoofing.

By injecting the scripts in images, malicious files disguised as favicons are uploaded to the target server. Their contents include a PHP script with a base64-encoded JavaScript. The script runs to identify the checkout page, performs a check to exclude the administrator, and then submits a fake form to legitimate site visitors.

Script spoofing involves attackers masquerading as Google Analytics or Meta Pixel (Facebook Pixel). Threat actors inject base64-encoded strings inside a fake Google Tag Manager code and trick admins into skipping the inspection, which is possible because admins believe it is part of the site’s default code.

The sources for this piece include an article in BleepingComputer.


Related articles

Cyber Security Today, June 12, 2024 – More Snowflake storage victims found, Microsoft issues new Windows patches,

More Snowflake storage victims found, Microsoft issues new Windows patches, and more. Welcome to Cyber Security Today. It's Wednesday,...

Former OpenAI employee alleges plan for AGI bidding war

In a recent interview, former OpenAI safety researcher Leopold Aschenbrenner made startling claims about his ex-employer's strategy regarding...

Malicious code in millions of installs traced to Microsoft Visual Studio

A group of Israeli researchers found thousands of potentially harmful extensions on the Visual Studio Code (VSCode) Marketplace,...

Cyber Security Today, June 10, 2024 – Microsoft backs down on Recall

Microsoft backs down on Recall. Welcome to Cyber Security Today. It's Monday, June 10th, 2024. I'm Howard Solomon, contributing...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways