Card Skimming Javascript - Threatwire Crosspost (Patreon)

by Shannon Morse, Threatwire

More than 100 e-commerce sites have been hosting malicious card skimming Javascript that can steal credit card details whenever a user enters their card info upon checkout, according to a report by cybersecurity company Netlab 360. 

Netlab 360 found 105 websites hosting the script, which can extract the name, credit card number, expiration date, and CVV number of a payment card when entered on the sites. All sites listed are smaller, niche market sites that sell outdoor equipment, auto parts, clothing, sporting equipment, foods, baby merchandise and more - many of which are based in the US. 

The Javascript is hosted at magento-analytics.com, which returns a 403 error if you try to visit that site. But, URLs under that domain do host malicious code and can be used to infect other e-commerce sites.

The Hacker News says that it’s not known how these sites were infected in the first place or if there were any vulnerabilities exploited in these attacks. All sites are running Magento e-commerce CMS software - but that specific piece of information has not been tied to the malicious scripts of the same name, which likely use that name to disguise itself from users.

According to the head of threat intelligence at Malwarebytes, Jerome Segura, this isn’t new. Segura told Ars Technica, “We block an average of 100 connections to this domain daily from Malwarebytes users that visit an online store that's been hacked.”

A surge of infections of this kind started last year, with popular sites like British Airways, Newegg, and more being infected for months at a time. Unfortunately, it’s hard to detect card skimming JavaScript for both the web site administrator as well as the user. Web admins should apply updates and patches to their sites, limit privileges, and harden the security of their servers.

If you’re worried about card skimming online, consider only using credit cards which offer better protections than debit cards, or switching to temporary cards that use a fixed line of credit. Check your statements every month for fraudulent charges as well, because chargebacks can only be made for a limited time set by your bank.