HackDig : Dig high-quality web security articles for hackers

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromis
Publish At:2020-09-01 16:25 | Read:154 | Comments:0 | Tags:Web threats credit card credit card skimmer credit card skim

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:384 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal
Publish At:2020-05-18 13:43 | Read:420 | Comments:0 | Tags:Threat analysis ants and cockroach credit car credit card sk

Tupperware Website Compromised with Credit Card Skimmer

Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer.On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated when a user attempted to check out and complete their purchase on Tu
Publish At:2020-03-27 09:26 | Read:720 | Comments:0 | Tags:IT Security and Data Protection Latest Security News credit

Criminals hack Tupperware website with credit card skimmer

On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered. Threat actors compromised the official tupperware[.]com site—which averages close to 1 millio
Publish At:2020-03-25 14:34 | Read:665 | Comments:0 | Tags:Hacking credit card Magecart skimmer skimming steganography

Lock and Code S1Ep2: On the challenges of managed service providers

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to two representatives from an Atlanta-based managed service provider—a manager of engineering services and a data center architect—about the daily challenges of managing thousands of nodes and the future of the industr
Publish At:2020-03-16 14:22 | Read:826 | Comments:0 | Tags:Podcast bec conficker coronavirus fingerprint files MSP phis

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:654 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

A week in security (December 30 – January 5)

Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled our eyes at silly people doing silly things. Other cybersecurity news: Stills and chills: A Reddit user notices their security camera is grabbing stills from other people’s devices. (Source: Reddit) Tik Tok, the clock has stopped: The US Mili
Publish At:2020-01-06 21:50 | Read:1180 | Comments:0 | Tags:A week in security CISO malware skimmer tiktok week in secur

New evasion techniques found in web skimmers

For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart. It took some major incidents, notably t
Publish At:2020-01-02 16:50 | Read:1201 | Comments:0 | Tags:Threat analysis credit card Magecart skimmer steganography w

There’s an app for that: web skimmers found on PaaS Heroku

Criminals love to abuse legitimate services—especially platform-as-a-service (Paas) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming
Publish At:2019-12-04 16:50 | Read:1211 | Comments:0 | Tags:Web threats app apps credit card heroku Magecart paas skimme

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect the dots between campaigns observed in the wild and threat
Publish At:2019-10-22 11:20 | Read:1314 | Comments:0 | Tags:Threat analysis advanced persistent threats APTs attribution

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market.
Publish At:2019-10-09 22:00 | Read:1515 | Comments:0 | Tags:Bad Sites Malware credit card ecommerce FIN6 Magecart Skimme

Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites

We discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. Back in May, we discovered a new Magecart-using group c
Publish At:2019-09-19 14:50 | Read:1028 | Comments:0 | Tags:Malware Magecart Skimmer

Tools

Tag Cloud