Credit card skimmers switch techniques to hide their attacks


Microsoft has reported that card-skimming malware, which aims to steal bank card details, is increasingly using malicious PHP scripts on web servers to manipulate payment pages. This allows the attacker to bypass browser defenses triggered by JavaScript code. Microsoft says its researchers have observed the shift in tactics in Magecart malware, which relies on JavaScript code to inject scripts into checkout pages. Microsoft reported that injecting JavaScript into front-end processes was considered conspicuous because it could trigger browser protection services.

Attackers have since found more effective techniques to bypass security services, targeting web servers with malicious PHP scripts. Microsoft reported that in November 2021, its researchers identified two malicious image files uploaded to a server hosted by the popular e-commerce platform Magento. The images contained an embedded PHP script that ran after confirming that the web admin was not logged in. This allowed attackers to target buyers only. This is just one example of what Microsoft sees as a broader shift in card skimming techniques.
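
A defender-side check for the pattern described above, image files carrying an embedded PHP script, as an added example that is not taken from Microsoft's report: it flags files whose leading bytes say PNG or JPEG but which contain a PHP opening tag or bytes after the image's end marker. The sample byte strings are constructed, and the directory to scan is whatever upload or media path you pass on the command line (an assumption, not a path named in the report).

```python
import re
import sys
from pathlib import Path

# Magic bytes -> end-of-image marker (PNG IEND chunk type + CRC, JPEG EOI).
FORMATS = {
    b"\x89PNG\r\n\x1a\n": b"IEND\xaeB`\x82",
    b"\xff\xd8\xff": b"\xff\xd9",
}
# PHP opening tags. "<?=" can occur by chance in compressed data: treat as a lead.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

# Constructed samples (not decodable images): PNG magic, filler, IEND chunk.
SAMPLE_CLEAN = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"\x00\x00\x00\x00IEND\xaeB`\x82"
SAMPLE_TAMPERED = SAMPLE_CLEAN + b"<?php /* constructed placeholder */ ?>"

def scan_bytes(data):
    """Return findings for one file; empty list if not an image or nothing odd."""
    for magic, end_marker in FORMATS.items():
        if data.startswith(magic):
            break
    else:
        return []  # not PNG/JPEG by content, out of scope for this check
    findings = []
    tag = PHP_TAG.search(data)
    if tag:
        findings.append(f"php-tag@{tag.start()}")
    # Bytes after the last end marker are not image data.
    end = data.rfind(end_marker)
    trailing = len(data) - (end + len(end_marker)) if end != -1 else 0
    if trailing:
        findings.append(f"trailing-bytes:{trailing}")
    return findings

def scan_tree(root):
    """Scan every file under root by content, ignoring file extensions."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            found = scan_bytes(path.read_bytes())
            if found:
                hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print("tampered sample:", scan_bytes(SAMPLE_TAMPERED))
    if len(sys.argv) > 1:
        for name, found in scan_tree(sys.argv[1]).items():
            print(name, found)
```

Some legitimate tools append metadata after the end marker, so a `trailing-bytes` finding on its own is a prompt to inspect the file; a `php-tag` finding in an uploaded image deserves immediate review.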

