fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Credit Card Skimmer Fills Fake PayPal Forms With Stolen Order Info

Credit Card Skimmer Fills Fake PayPal Forms With Stolen Order Info

A newly discovered credit card skimmer uses an innovative technique to inject highly convincing PayPal iframes and hijack the checkout process on compromised online stores.

Payment card skimmers are JavaScript-based scripts that cybercrime gangs known as Magecart groups inject within the checkout pages of e-commerce sites after hacking them as part of web skimming (also known as e-skimming) attacks.

The attackers’ end goal is to harvest the payment and personal information submitted by the hacked stores’ customers and to send it to remote servers under their control.

Stolen order info used to pre-fill malicious checkout iframes

This new tactic for stealing online shoppers’ payment card information was discovered by Affable Kraut using data from Sansec, a security company focused on fighting digital skimming.

As he discovered when analyzing the web skimmer, the malicious script was hidden inside an image hosted on the compromised store’s own server using steganography.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

The skimmer (cleaned and commented version available here) will capture all order form data entered by the victims and will exfiltrate it to the attackers’ servers.

Harvesting payment data
Harvesting payment data (Affable Kraut)

However, this is where similarities with regular skimmer scripts end since the stolen order data is also later used to pre-fill fake PayPal payment forms that will be injected and displayed during the checkout process instead of legitimate forms.

The skimmer will also parse the order info before using it to fill the PayPal forms and “[i]f the data is no good, it actually sends a message back to the page on the victim’s site,” as Kraut found, effectively removing the malicious iframes from the checkout page.

If the parsed data passes the checks, “[t]he __activatePg call takes the passed data and uses it to prefill the fake PayPal form, which is honestly kind of ingenious.”

When the victim will get redirected to the PayPal order page, the fact that it’s already partially filled out will likely raise the odds that it will be convincing enough to successfully capture their payment data.

“It even passes along the items in the cart and the accurate Total, Taxes, and Shipping costs,” as Kraut added.

Once the victim enters their payment information and hits the submit button, the skimmer will exfiltrate all of it to apptegmaker[.]com, a domain registered in October 2020 and connected to tawktalk[.]com (this domain was also used for data exfil by a Magecart group with similarly coded loaders).

After stealing the victims’ payment data, the skimmer will click the order button behind the malicious iframe sending the victim back to the legitimate checkout process.

Clicking the legitimate order button
Clicking the legitimate order button (Affable Kraut)

Defending against web skimming

Last year, the FBI warned both government agencies and SMBs (small and medium-sized businesses) of e-skimming threats targeting their process online payments.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have also shared [12] defense measures that businesses and government agencies can implement to protect themselves and their users from web skimming threats.

The PCI Security Standards Council also provides its own list of best practices for securing e-commerce platforms [PDF].

However, users have a lot fewer options to protect themselves against Magecart attacks, with browser extensions specially designed to block loading JavaScript code on untrusted websites being one of them.

This approach, unfortunately, is not very helpful if the hackers manage to compromise whitelisted e-commerce sites as it usually happens during Magecart attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us