“It’s a departure from earlier tactics in which attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions,” the Microsoft 365 Defender Research Team said in a new report.
Skimming attacks, such as those carried out by Magecart, are carried out with the objective of harvesting and exporting customers’ financial information, such as credit card numbers, that are submitted into online payment forms on e-commerce platforms, generally during the checkout process.
As the quantity of skimming assaults has risen over time, so have the tactics used to conceal the skimming programs. Malwarebytes uncovered a campaign last year in which malicious actors were detected sending PHP-based web shells encoded within website favicons to launch the skimmer malware.
In an attempt to escape detection, encoded skimmer script URLs were found within faked Google Analytics and Meta Pixel code.
Unfortunately, there isn’t much that online consumers can do to protect themselves from web skimming other than ensure that their browser sessions are secure during checkout. Users can also establish virtual credit cards to protect their payment information.
“Given the increasingly evasive tactics used in skimming campaigns, organizations should ensure that their e-commerce platforms, CMSs, and installed plugins are up to date with the latest security patches and that they only download and use third-party plugins and services from trusted sources,” Microsoft said.