Web Skimmer Targets Multiple E-Commerce Platforms

Summary

Sansec researchers discovered a web skimming campaign in which information was harvested via malicious checkout pages. Typically, web skimmers target a single e-commerce platform; however, this campaign targeted multiple e-commerce platforms, including Shopify, BigCommerce Zencart, and Woocommerce. Before the actual legitimate checkout page, a fraudulent payment page is displayed and a keylogger is used to intercept payment and personal information. After completing the fraudulent form and hitting the “Proceed” button, an error message is displayed indicating the order failed to process, the information is sent to the threat actors in the background, and the victim is redirected to the legitimate checkout form. This skimming campaign is believed to have been active since August 2020 due to the technique used to exfiltrate data and automatically generated domains.

Recommendations

The NJCCIC recommends website administrators block access to sensitive information entered into web forms and stored cookies. E-commerce customers are advised to stay vigilant and look out for indications of suspicious webpages and payment processes. Customers may consider using credit over debit, as credit often provides better consumer fraud protection, and enable payment transaction notifications to alert of any unauthorized charges. If an unauthorized transaction occurs, notify the associated bank immediately, lock the payment card (where available), and request a new card. For additional information, please review the Sansec article.