"Fresh Card Skimmer Attacks Multiple E-Commerce Platforms"
Researchers with the Dutch security firm Sansec recently discovered a payment card skimmer targeting multiple content management systems that support many e-commerce sites' online checkout pages. According to a report released by the researchers, the new skimmer was found on a dozen online stores' checkout pages supported by content management systems hosted on platforms from Shopify, BigCommerce, Zen Cart, and WooCommerce. It remains unclear as to whether this payment card-skimming malware is tied to a specific Magecart group. Magegroup refers to several separate hacking groups aimed at stealing credit card numbers and other sensitive data through the performance of web-based card-skimming attacks. The report highlights that the skimmer is unusual because it can target multiple content management systems simultaneously instead of individually. This article continues to discuss current findings surrounding how the new payment card skimmer works, as well as other new techniques that fraudsters have been using to hide malicious JavaScript skimmers within e-commerce checkout sites.
GovInfoSecurity "Fresh Card Skimmer Attacks Multiple E-Commerce Platforms"