Web skimming typically targets platforms like Magento, PrestaShop, and WordPress, which are popular choices for online shops because of their ease of use and compatibility with third-party plugins. Unfortunately, these platforms and plugins come with vulnerabilities that attackers have constantly attempted to leverage. One notable web skimming campaign/group is Magecart, which gained media coverage over the years for affecting thousands of websites, including several popular brands.
How web skimming works
The primary goal of web skimming campaigns is to harvest and later exfiltrate users’ payment information, such as credit card details, during checkout. To achieve this, attackers typically take advantage of vulnerabilities in e-commerce platforms and CMSs to gain access to the pages they want to inject the skimming script into. Another common method is web-based supply chain attacks, where attackers use vulnerabilities in installed third-party plugins and themes, or compromise ad networks that then unwittingly serve malicious ads without the site owner’s knowledge or consent.
In November 2021, malicious code was planted on a Magento server that automatically checked for the terms “checkout” and “one page” so that it would activate on checkout pages and capture credit card data.
The FBI said hackers were “sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server.”
The latest version of the scam involves writing a “PHP script” onto the server.
The bit of code will sit silently and idly until it has been determined that the site’s administrators are not logged in, according to ZDNet.
“Based on previous similar attacks, we believe that the attacker used a PHP ‘include’ expression to include the image (that contains the PHP code) in the website’s index page, so that it automatically loads at every webpage visit,” Microsoft wrote in a cybersecurity blog post.
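As an added defender's check (example code written for this page, not from Microsoft's or the FBI's reporting), the following Python script scans a web root for the two artifacts that the technique described above leaves behind: image files that contain a PHP open tag, and PHP files that include or require a path ending in an image extension. The sample web root it builds is constructed for the demonstration, and the file names in it are placeholders rather than indicators from any real compromise.

```python
"""Scan a web root for PHP code hidden in image files and for PHP
include/require statements that pull such images in (defender check)."""
import re
import tempfile
from pathlib import Path

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".ico", ".webp"}
PHP_EXTS = {".php", ".phtml"}

# Any PHP open tag (long form or short echo form) anywhere in the file.
# Raster images have no legitimate reason to contain one.
PHP_TAG_RE = re.compile(rb"<\?(php|=)", re.IGNORECASE)

# include/require (and the _once variants) whose string argument ends in
# an image extension, e.g. include('media/banner.jpg').
IMG_INCLUDE_RE = re.compile(
    r"""\b(include|require)(_once)?\s*\(?\s*['"]([^'"]+\.(png|jpe?g|gif|ico|webp))['"]""",
    re.IGNORECASE,
)


def scan_webroot(root):
    """Return a sorted list of (finding_type, relative_path, detail) tuples."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        if ext in IMAGE_EXTS:
            data = path.read_bytes()
            m = PHP_TAG_RE.search(data)
            if m:
                findings.append(("php_in_image", rel, f"PHP open tag at offset {m.start()}"))
        elif ext in PHP_EXTS:
            text = path.read_text(encoding="utf-8", errors="replace")
            for m in IMG_INCLUDE_RE.finditer(text):
                findings.append(("image_include", rel, m.group(3)))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample site (placeholder files, not a real compromise) for a demo run."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    (root / "media").mkdir()
    (root / "app").mkdir()
    # A clean PNG: magic bytes followed by filler, no PHP inside.
    (root / "media" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    # A polyglot: JPEG header bytes followed by a PHP open tag (placeholder body).
    (root / "media" / "banner.jpg").write_bytes(
        b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"<?php /* placeholder */ ?>")
    # index.php pulls the "image" in with include(), the pattern described above.
    (root / "index.php").write_text(
        "<?php\nrequire_once 'app/bootstrap.php';\ninclude('media/banner.jpg');\n")
    (root / "app" / "bootstrap.php").write_text("<?php // normal application code\n")
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for kind, rel, detail in scan_webroot(sample):
        print(f"{kind:14} {rel:24} {detail}")
```

Run against a real document root, both findings together (an image carrying a PHP tag and a PHP file that includes it) are a strong signal; either one alone still deserves a look, since an uploaded polyglot may be waiting for a separate include to be planted, and an include of an image path has no normal purpose.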
“The impact of web skimming campaigns could translate into monetary loss, reputation damage, and loss of customer trust,” Microsoft said.
Monitor your credit card spending history and keep an eye on the browser’s URL when shopping online – if something looks fishy, it probably is.