Menu
Thousands of online shops compromised for credit card theft

Thousands of online shops compromised for credit card theft

Attackers injected malicious JavaScript code into e-commerce websites to steal payment card data

Almost 6,000 online shops have been compromised by hackers who added specially crafted code that intercepts and steals payment card details.

These online skimming attacks were first discovered by Dutch researcher Willem de Groot a year ago. At that time, he found 3,501 stores containing the malicious JavaScript code. However, instead of getting better, the situation is increasingly worse.

By March the number of infected shops grew by almost 30 percent to 4,476, and by September, it reached 5,925. More than 750 online stores who were unwillingly skimming payment card details for attackers in 2015 are still doing so today, showing that this type of activity can go undetected for months, the researcher said in a blog post.

De Groot's data suggests there are multiple groups engaged in online skimming. While in 2015, there were variants of the same malware code, today there are three distinct malware families with a total of nine variants.

"The first malware just intercepted pages that had checkout in the URL," the researcher said. "Newer versions also check for popular payment plugins such as Firecheckout, Onestepcheckout, and Paypal."

The malicious code is obfuscated and is deployed using known vulnerabilities in content management solutions or e-commerce software that website owners have failed to patch.

What's worse is that some shop owners don't seem to grasp the seriousness of these issues or understand their impact. De Groot gives some examples of the worst answers he has received from companies when he attempted to inform them about the compromises.

"We don’t care, our payments are handled by a 3rd party payment provider," one unnamed shop owner said.

"Our shop is safe because we use HTTPS," said another.

HTTPS protects against man-in-the-middle attacks, where the attacker is in a position on the network to intercept traffic between a user and a server. However, in this case, the malicious code runs on the server itself and is served over HTTPS, so it can see whatever information users enter into websites.

As for using a third-party payment processor, "if someone can inject Javascript into your site, your database is most likely also hacked," de Groot said.

The good news is that some shop owners are taking action, with 334 stores fixed in a 48-hour period. On the other hand, during the same time period, 170 new stores were hacked.

De Groot has published the list of compromised websites on Github.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments