
At least 40 e-commerce websites have been compromised by web-skimming hackers

Jscrambler, a company that monitors JavaScript, has discovered a new wave of web skimming attacks, some of which use techniques that are not easily identifiable.

The company acquired its domain name after discovering a web skimming attack on a cheap web marketing and analytics service (Cockpit), as detailed in a blog post. After 2014, no one used that domain anymore.

According to Jscrambler, Group X skimmers compromised more than 40 online retailers, and the stolen information was encrypted and sent to a server in Russia for exfiltration.

Violent attempts to steal information from websites

Cybercriminals steal sensitive information from a website’s original elements, and then the vendor injects its own fake elements, such as a credit card submission form, into the page.

If the form has been hacked using this technique, any information a user enters into it will be collected and leaked with each click on the page.

Group Y, discovered by Jscrambler, is said to have employed a skimmer analogous to Group X’s; in contrast, Group Z, discovered by the same tool, employs a tweaked server architecture in its attacks.

Web skimming, also referred to as a Magecart attack, is the practice of stealing sensitive information from websites through the use of online skimming techniques. Data such as customer credit card numbers and other personal information is a common target for hackers.

Some websites may have had the third-party script injected into their pages by a Content Management System (CMS) or a website generator provider, as mentioned in the blog post.

Then, “they might be unable to remove the library from their websites due to restricted permissions or lack of knowledge,” Jscrambler said.
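A defender's check for the situation described above, where third-party scripts remain included in a shop's pages: this added example (not taken from Jscrambler's blog post or from this article) lists the external script hosts a page loads and flags any that are not on an approved list or that load without a Subresource Integrity attribute. The sample HTML, hostnames and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; every hostname here is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://analytics.example.org/track.js"></script>
<script src="//retired-service.example/widget.js"></script>
</head><body><form id="checkout"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], bool(attrs.get("integrity"))))

def audit_scripts(html, site_host, approved_hosts):
    """Return (host, issue) findings for third-party scripts needing review."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, has_sri in collector.scripts:
        host = urlparse(src).hostname  # None for relative (first-party) URLs
        if host is None or host == site_host:
            continue
        if host not in approved_hosts:
            findings.append((host, "unapproved third-party host"))
        elif not has_sri:
            findings.append((host, "approved host, no integrity attribute"))
    return findings

if __name__ == "__main__":
    approved = {"cdn.example.net", "analytics.example.org"}
    for host, issue in audit_scripts(SAMPLE_HTML, "shop.example.com", approved):
        print(f"{host}: {issue}")
```

Run against rendered page source, this gives an inventory of script hosts to compare with the services the site still actively uses.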

Before Black Friday, the busiest time of year for online retailers, the UK’s National Cyber Security Centre (NCSC) warned over 4,000 small business websites that their ecommerce platforms’ payment portals had been compromised.