Credit Card Skimming Campaign Targets Websites Running ASP.NET

NJCCIC Alert

Original Release Date: 7/10/2020

Summary

Credit card skimmers are typically found on websites running widely adopted Linux-based stacks; however, this skimming campaign was discovered on at least a dozen websites running Windows-based stacks and has been active since mid-April 2020. The identified websites ran shopping cart applications and were hosted on Microsoft IIS servers running ASP.NET web framework version 4.0.30319, which is no longer supported and contains multiple vulnerabilities. Cyber-criminals inject the skimming code remotely or directly into the compromised JavaScript library of the affected website to steal credit card numbers and passwords, which are exfiltrated through the same domain in a GET request as a GIF image file.

Recommendations

The NJCCIC recommends organizations monitor their systems for malicious activity and follow the recommendations provided in the previous threat alert. Technical details and Indicators of Compromise (IoCs) can be found in the Malwarebytes blog post.
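One way to monitor for the exfiltration pattern described in the Summary, as an added example that is not part of the NJCCIC alert or the Malwarebytes post: the Python below parses IIS W3C extended logs and flags GET requests for .gif paths whose query string carries a long encoded token. It assumes the stolen data travels in the query string and that query logging (cs-uri-query) is enabled; the function name, the 32-character threshold and the log lines are constructed for illustration.

```python
import re

# Constructed sample in IIS W3C extended log format (not from a real incident).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2020-05-01 10:00:01 GET /images/logo.gif - 203.0.113.10 200
2020-05-01 10:00:02 GET /images/banner.gif w=120&h=60&v=20200501 203.0.113.10 200
2020-05-01 10:00:09 GET /images/spacer.gif d=Q09OU1RSVUNURUQtU0FNUExFLU5PVC1SRUFMLUNBUkQtREFUQQ== 198.51.100.7 200
2020-05-01 10:00:11 POST /checkout.aspx - 198.51.100.7 200
"""

# Assumption: stolen data rides in the query string as one long encoded token.
# 32 is an assumed threshold; tune it against the site's normal image requests.
LONG_TOKEN = re.compile(r"[A-Za-z0-9+/=_%-]{32,}")


def find_suspicious_gif_requests(log_text):
    """Return records for GET requests to .gif paths carrying a long encoded token."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue                    # skip truncated or malformed lines
        rec = dict(zip(fields, values))
        if (rec.get("cs-method") == "GET"
                and rec.get("cs-uri-stem", "").lower().endswith(".gif")
                and LONG_TOKEN.search(rec.get("cs-uri-query", "-"))):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in find_suspicious_gif_requests(SAMPLE_LOG):
        print(rec["date"], rec["time"], rec["c-ip"],
              rec["cs-uri-stem"], len(rec["cs-uri-query"]))
```

A hit is a lead for review rather than proof of compromise; compare flagged paths against the image files that actually exist in the web root.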

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
