Card skimming malware infecting thousands of online retailers


If you think hardware credit card skimmers in brick-and-mortar payment terminals are bad enough, wait till you hear this. Physical card skimming's cyberspace equivalent has come of age and has reportedly been running rampant for months, quietly siphoning millions of online customers' credit card information and handing it over to cybercriminals.

Around 6,000 online shops were found to be infected with malicious JavaScript code that can intercept and pilfer credit and debit card details, according to Dutch researcher Willem de Groot, and the problem is getting worse.

In a recent blog post, de Groot detailed how hackers are exploiting vulnerabilities in popular retailing software found in most of the compromised merchants' online stores.

They attack unpatched software flaws, and once the criminals gain access to the store's source code, they install a JavaScript wiretap that relays payment data to collection servers evidently located in Russia. In other instances, hackers simply exploit weak passwords and brute-force their way into the website's administration page.

De Groot said he has been investigating the problem since November of last year when his own payment card information was stolen online. He then scanned a sample of 255,000 online stores and found 3,501 were already infected with skimming malware.

Now, almost a year later, he said the incidents have gone up by 69 percent with 5,925 online merchant shops now infected with the malicious JavaScript code, some of them unwitting hosts for almost 18 months.

The list of compromised websites is troubling since it includes big labels and top brands, from car maker Audi, shoe outlets like Converse and Heels.com to music artist websites like Bjork's.

There are even credible reports that the web storefront of the National Republican Senatorial Committee had the credit card siphoning malware for almost six months before it was finally patched recently. If you have donated to the Republican campaign between March 2016 and earlier this month using this site, please check your credit card and banking statements for any fraudulent activity.

Click here to view the list of compromised online shops.

The question then is how did this siphoning malware go unnoticed for months on end?

According to de Groot, the hackers have become highly proficient at obfuscating and hiding the malware code. The first cases contained easy-to-spot JavaScript code, but later versions employed multi-layer obfuscation and randomness, making the code harder to filter and reverse engineer.

The malware has also evolved to the point that some versions even check for popular payment plugins like PayPal instead of just scanning for checkout webpages.

"Today, at least 9 varieties and 3 distinct malware families can be identified," de Groot warned. This could mean that multiple individuals and cybercriminal gangs are involved.

De Groot said that preventing such attacks and protecting customers is up to the online merchants, but some are unwilling to take action because of the cost of software upgrades.

"New cases could be stopped right away if store owners would upgrade their software regularly," he stated. "But this is costly and most merchants don't bother."

His other solutions shift the policing responsibilities to credit card companies since they can always revoke the payment license of merchants with vulnerable payment software.

He also suggested that web browsers add compromised sites to safe browsing blacklists such as Chrome's. Once a site is on such a list, visitors will have to click through warning pages before they can access the compromised site's checkout page. He said that this will force merchants to quickly resolve their issues.

Merchants can check if their store is compromised by using MageReport. This site will check if Magento, a widely used web shop software, is vulnerable to attacks. If the store is infected, he recommends hiring a competent programmer to recover the hacked store and clean out any compromised website code.
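
As a complement to such a scan, here is an added example (not from de Groot's post or from MageReport) of a heuristic a merchant could run against their own checkout page: it flags scripts loaded from hosts outside an allow-list and inline scripts that use common obfuscation constructs. The host names, the sample HTML and the marker list are assumptions made for illustration.

```javascript
// Added example: heuristic audit of a checkout page's <script> tags.
// Host names and the sample HTML below are constructed for illustration.
const SCRIPT_RE = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
const SRC_RE = /\bsrc\s*=\s*["']?([^"'\s>]+)/i;
// Constructs commonly used to hide what a script does (assumed marker list).
const OBFUSCATION_MARKERS = [
  /\beval\s*\(/, /\bunescape\s*\(/, /\batob\s*\(/,
  /String\.fromCharCode/, /(?:\\x[0-9a-f]{2}){8,}/i,
];

function auditCheckoutScripts(html, pageUrl, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  const findings = [];
  for (const [, attrs, body] of html.matchAll(SCRIPT_RE)) {
    const src = SRC_RE.exec(attrs);
    if (src) {
      // Resolve relative and protocol-relative URLs against the page URL.
      let host;
      try { host = new URL(src[1], pageUrl).hostname.toLowerCase(); }
      catch { findings.push({ type: "unparseable-src", detail: src[1] }); continue; }
      if (!allowed.has(host)) findings.push({ type: "unlisted-host", detail: host });
    } else {
      const hits = OBFUSCATION_MARKERS.filter((re) => re.test(body)).length;
      if (hits > 0) findings.push({ type: "obfuscated-inline", detail: `${hits} marker(s)` });
    }
  }
  return findings;
}

// Constructed sample: a first-party script, an approved CDN script, a script
// from an unlisted host, an obfuscated inline script and a benign inline one.
const SAMPLE_HTML = `
<html><body>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib.js"></script>
<script src="//stats.collector.invalid/a.js"></script>
<script>var _0x = "\\x64\\x6f\\x63\\x75\\x6d\\x65\\x6e\\x74"; eval(unescape("%61"));</script>
<script>document.title = "Checkout";</script>
</body></html>`;

function runSample() {
  return auditCheckoutScripts(SAMPLE_HTML, "https://shop.example/checkout",
    ["shop.example", "cdn.example"]);
}

console.log(runSample());
```

An empty result does not show a store is clean: code injected into a first-party file without these markers passes this check, so it supplements patching and file-integrity review rather than replacing them.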

For consumers, be careful when using any payment card online and regularly check the list of compromised websites we mentioned earlier. De Groot regularly updates this list with his latest scan results.

To read de Groot's findings about this scary hack, check out his official blog.


Source: BBC