Web skimming hackers infiltrate over 40 ecommerce websites - that we know of

News
By published

Web skimming attacks are becoming more prevalent, experts warn

ID theft
(Image credit: Future)

A new set of web skimming attacks have been discovered by JavaScript monitoring company Jscrambler, including attacks using methods that are reportedly unrecognizable.

In a blog post, the company outlined how it detected a web skimming attack on a discounted web marketing and analytics service occurred through the acquisition of its domain name (Cockpit). The domain name has not been in use since 2014.

The Group X skimmers were able to compromise over 40 ecommerce websites, and the data collected from the sites was encoded, encrypted and sent to an exfiltration server based in Russia, according to Jscrambler.

Active web skimming attacks 

The vendor mentions that once the cyber-criminals successfully exfiltrate the data of the webpage’s original elements, it injects its own fake elements by impersonating a credit card submission form.

Through the use of this method of hacking, any data inserted by the user will continue to be gathered and leaked every time there is a click on the page.

Jscrambler also found two other web skimming groups - Group Y and Group Z, with Group Y reportedly using a similar skimmer to Group X, while Group Z used a modified server structure for its attacks.

Read more

> Common misconceptions about the rise of Magecart attacks

> Retailers using WooCommerce are the next target for Magecart card skimmer attacks

> How to survive a drive-by malware attack

Web skimming, also known as Magecart attacks, occurs when hacker groups use online skimming techniques for the purpose of stealing personal data from websites. The hackers mostly target credit card information on sites that accept online payment or personal customer information.

The blog post mentions that there’s a chance that some websites were using a Content Management System (CMS) or a website generator provider that was injecting the third-party script into their pages.

“In that case, they might be unable to remove the library from their websites due to restricted permissions or lack of knowledge,” Jscrambler wrote.

In November, 2022, the UK's National Cyber Security Centre (NCSC) alerted over 4,000 small business websites about the compromised payment portals on their ecommerce platforms, ahead of Black Friday - the busiest time for online retailers.

Abigail Opiah
Abigail Opiah
B2B Editor - Web hosting & Website builders

Abigail is a B2B Editor that specializes in web hosting and website builder news, features and reviews at TechRadar Pro. She has been a B2B journalist for more than five years covering a wide range of topics in the technology sector from colocation and cloud to data centers and telecommunications. As a B2B web hosting and website builder editor, Abigail also writes how-to guides and deals for the sector, keeping up to date with the latest trends in the hosting industry. Abigail is also extremely keen on commissioning contributed content from experts in the web hosting and website builder field.

Read more
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
WordPress users targeted by devious new credit card skimmer malware
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
Google system abused by hackers to hijack ecommerce stores
Casio logo
Casio’s online store hit by bogus credit card stealing checkout form
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
European Space Agency hack sees official store hijacked to steal customer details
Robotic hand clicking on captcha 'I am not a robot'.
Double clicking danger - experts warn just two clicks can let attackers steal your accounts
A close-up of an interent search bar with 'http://ww' visible
Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard
Latest in Security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Oracle
Oracle denies data breach after hacker claims to hold six million records
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Latest in News
A phone showing a ChatGPT app error message
ChatGPT is down for many – here's what's going on
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
A woman sitting in a chair looking at a Windows 11 laptop
It looks like Microsoft might have thought better about banishing Copilot AI shortcut from Windows 11
US flags
US government IT contracts set to be centralized in new Trump order
Tesla Roadster 2
Tesla is still taking deposits on its long overdue Roadster, despite promising it would arrive in 2020
Samsung HW-Q990D soundbar with Halloween theme over the top
Samsung promises to repair soundbars bricked by its disastrous software update for free – but it'll probably involve shipping
More about security
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol

Coinbase targeted after recent Github attacks
Oracle

Oracle denies data breach after hacker claims to hold six million records
A screenshot from The First Berserker: Khazan

I got absolutely destroyed by The First Berserker: Khazan’s bosses for hours on end and loved every second of it
See more latest