Microsoft has reported that card-skimming malware, which aims to steal bank card details, is increasingly turning to malicious PHP scripts on web servers to manipulate payment pages. This enables the attacker to bypass browser defenses triggered by JavaScript code. Microsoft says that its researchers have observed this shift in tactics among Magecart malware, which relies on JavaScript code to inject scripts into checkout pages. Microsoft reported that injecting JavaScript into front-end processes was considered conspicuous, as it might set off browser protection services.

Attackers have since found techniques that are better at circumventing security services, targeting web servers with malicious PHP scripts. Microsoft reported that in November 2021, its researchers identified two malicious image files being uploaded to a server hosted by the popular e-commerce platform Magento. The images contained embedded PHP script that ran after confirming that the web admin was not signed in, which allowed the attackers to target only shoppers. This is just one example of what Microsoft believes to be a wider shift in card-skimming techniques.
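Because the images described above carried embedded PHP, one server-side check is to scan image files for PHP open tags. The following is an added example, not code from Microsoft's report; the function names, the extension list and the sample byte strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Magic bytes for the image types commonly accepted by upload forms.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"GIF87a": "gif", b"GIF89a": "gif"}
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif"}
# "<?php" must be followed by whitespace to open a PHP block. Short tags
# ("<?", "<?=") are left out: they also match XMP "<?xpacket" metadata and
# can occur by chance in compressed image data.
PHP_TAG = re.compile(rb"<\?php\s", re.IGNORECASE)

def image_type(data: bytes):
    """Return the image type implied by the leading magic bytes, or None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def php_offsets(data: bytes):
    """Byte offsets of every PHP open tag found in the data."""
    return [m.start() for m in PHP_TAG.finditer(data)]

def scan_tree(root):
    """Yield (path, image_type, offsets) for image files that contain PHP."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_EXTS:
            data = path.read_bytes()
            hits = php_offsets(data)
            if hits:
                yield str(path), image_type(data), hits

# Constructed samples (not taken from the incident Microsoft described).
CLEAN_JPEG = b"\xff\xd8\xff\xe1" + b'<?xpacket begin="" id="x"?>' + b"\x00" * 16
TAINTED_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24 + b"<?php /* placeholder */ ?>"

if __name__ == "__main__":
    import sys
    for path, kind, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: type={kind or 'unknown'} php_tag_offsets={hits}")
```

A hit is a reason to inspect the file and how it reached the server, not proof of a skimmer.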

