Credit card stealer script on Online Store Payment Page

December 15, 2020
Credit Card Stealer Scripts Online Stores Magecart

Nowadays, people have 2 (two) payment experience, either you go physically to the store or shop online. Paying online is becoming a trend across several companies. As the company expands its business in e-commerce, the businesses provide their customer with a seamless experience by offering different methods of online payments. The methods are credit or debit cards, prepaid card payments, bank transfers, e-wallets, cash, cryptocurrencies, and mobile payments. With having digital payments or online payments available worldwide, it provides transparency and security for easier accountability and tracking of payment and inclusive growth to the customers and businesses.


Are your online stores safe from credit card stealers?

Given the rise in online payment, threat actors have become more sophisticated in attacking online stores to steal credit card information from the customers. The recent technique that the hackers used to penetrate the online shops is called Web Skimmer that uses CSS codes. Web skimming is a type of Internet fraud that targets to compromise the payment page on a website to filch payment information. While CSS file is used to design the content on the webpage’s font, size, colour, line spacing borders, indentation, and location of HTML elements.


Malicious scripts on CSS codes

The threat actors used the CSS file to hide their stealer script in the codes and blends within the payment website page. The malicious script can avoid being detected by the automatic security scanners and manual security code audits. Security researchers have noticed this credit card skimmer on three online stores. This attack is similarly known as the Magecart script, which is created by a group of malicious hackers that targets shopping cart systems. Magecart was labelled as one of the most dangerous people on the Internet in 2018 for compromising websites and planting card skimmers in several online stores.

The detected Magecart script is still active on one of the online stores. Once the customer proceeds with the checkout button, a javascript parser will direct and open the malicious URL stored in the CSS code. From then, attackers will be able to steal personal and card information and send it back to the hacker server. With this method, attackers will be able to hide their malicious activities on any compromised websites.

As we go forward digitally, proper planning and execution of security precautions should be a necessity. The rise of e-commerce is growing fast, and online payments have their drawbacks. Placing robust security systems such as authentication steps, anti-malware, anti-phishing tools, compromised credit card recovery, end to end web security protection, and fraud detection should be considered to prevent attackers from compromising the systems.

About the author

Leave a Reply