24 May 2022

Credit card skimmers are switching techniques to hide their attacks

Microsoft has reported that card-skimming malware that aim to steal bank card details are increasingly turning towards utilizing malicious PHP script on web servers to manipulate payment pages. This enables the attacker to bypass browser defenses triggered by JavaScript code. Microsoft says that its researchers have observed the shift in

Read More
17 May 2022

FBI says hackers used malicious PHP code to grab credit card data

The Federal Bureau of Investigations (FBI) has warned that an unknown threat actor is scraping credit card data from the checkout process of US businesses. The campaign targeting the e-commerce industry is leveraging the malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page. Then, the inputted information

Read More
01 Dec 2020

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

A new credit card skimmer is utilizing postMessage to create convincing PayPal transactions that are illegitimate and steal payment data. The new credit card skimming campaign comes during the holiday season when more customers are using e-commerce sites and shopping online. The malicious process hijacks PayPal transactions during checkout, causing

Read More
15 Sep 2020

Magecart Attack Impacts More Than 10K Online Shoppers

One of the largest known Magecart campaigns in history occurred over the weekend, impacting nearly 2,000 e-commerce sites. The attacks may have been a result of Magecart operators leveraging a zero-day exploit, however, the exact technicalities of the attack remain unknown. The campaign has affected tens of thousands of customers,

Read More
04 Sep 2020

Warner Music discloses months-long web skimming incident

Warner Music Group, a well-known record producer disclosed yesterday that they had been targeted by a cyberattack in which customers’ payment card information may have been exposed. The attack was a web skimming or magecart style hack in which cybercriminals compromise a website and insert malicious code. This code collects

Read More
10 Feb 2020

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

Magecart group has struck again, this time hitting websites selling Olympic tickets and sites selling things like emergency preparation kits through a recent digital card skimmer attack. The attack aims to steal payment data from various websites. Two tickets sales websites, one called Olympic Tickets and the other called Euro

Read More