“This is a change from previous tactics where attackers visibly injected malicious scripts into e-commerce platforms and content management systems (CMS) via vulnerability exploitation, making this threat highly evasive to traditional security solutions,” the Microsoft 365 Defender research team said in a new report. .
Skimming attacks, such as those of Magecart, are carried out with the aim of collecting and exporting users’ payment information, such as credit card details, which are entered into online payment forms on e-commerce platforms, usually during the checkout process.
As skimming attacks have increased in number over the years, the methods employed to hide skimming scripts have also increased. Last year, Malwarebytes exposed a campaign in which malicious actors were observed delivering PHP-based web shells embedded in website favicons to load skimmer code.
The use of skimmer script domains encoded in spoofed Google Analytics and Meta Pixel code is also detected in an effort to stay under the radar and avoid raising suspicion.
Unfortunately, there is little that online shoppers can do to protect themselves from web skimming other than ensuring their browsing sessions are secure during checkout. Alternatively, users can also create virtual credit cards to secure their payment information.
“Given the increasingly evasive tactics used in skimming campaigns, organizations need to ensure that their e-commerce platforms, CMSs and installed plugins are up to date with the latest security patches and that ‘They only download and use third-party plugins and services from trusted sources,’ Microsoft said.