"Europol warns 443 online shops infected with credit card stealers"

Europol has recently notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.  Skimmers are small snippets of JavaScript code added to checkout pages or loaded from a remote resource to evade detection.  Europol noted that they are designed to intercept and steal payment card numbers, expiration dates, verification numbers, names, and shipping addresses and then upload the information to the attackers' servers.  Threat actors use the stolen data to perform unauthorized transactions, such as online purchases, or resell them to other cybercriminals on dark web marketplaces.  Europol noted that these attacks can go undetected for weeks or even several months, and depending on the popularity of the breached e-commerce platforms, cybercriminals can collect large numbers of payment card details.  Coordinated by Europol and spearheaded by Greece, a two-month international operation involving law enforcement from 17 countries and private entities such as Group-IB and Sansec identified skimmer infections on 443 websites.  Additional details shared by Group-IB reveal that the operation unearthed 23 distinct families of JavaScript sniffers, including ATMZOW, health_check, FirstKiss, FakeGA, AngryBeaver, Inter, and R3nin.  Europol noted that the above families are known for elusive behavior, such as abusing Google Tag Manager to update their malicious code snippets and mimicking Google Analytics code to dodge detection during website code inspections.

 

BleepingComputer reports: "Europol warns 443 online shops infected with credit card stealers"

Submitted by Adam Ekwall on