dcsimg

Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this Magento 1 campaign, we identified an e-commerce shop that had been targeted twice by skimmers. This … [Read more...]

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual scams but also digital skimming, the online equivalent of credit card theft. As a consumer, you may be … [Read more...]

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from certain sites, typically via … [Read more...]

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromised stores to malicious JavaScript, … [Read more...]

SBA phishing scams: from malware to advanced social engineering

A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at a specific organization, namely the US Small Business Administration (SBA), and how threat actors have been impersonating it in a number of phishing attempts targeted at business owners, CEOs, and CFOs. GuLoader … [Read more...]

Inter skimming kit used in homoglyph attacks

As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we’ve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especially in phishing scams with IDN homograph attacks. The idea is simple and consists of using … [Read more...]

Malspam campaign caught using GuLoader after service relaunch

They say any publicity is good publicity. But perhaps this isn’t true for CloudEye, an Italian firm that claims to provide “the next generation of Windows executables’ protection”. First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to distribute malware on a large scale. In June, CloudEye was exposed by … [Read more...]

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce content management systems (CMSes), such … [Read more...]

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal remains to deceive online shoppers while … [Read more...]