“It’s a shift from earlier tactics where attackers conspicuously injected malicious scripts into e-commerce platforms and content management systems (CMSs) via vulnerability exploitation, making this threat highly evasive to traditional security solutions,” Microsoft 365 Defender Research Team said in a new report.
Skimming attacks, such as those by Magecart, are carried out with the goal of harvesting and exporting users’ payment information, such as credit card details, entered into online payment forms in e-commerce platforms, typically during the checkout process.
As skimming attacks have increased in number over the years, so have the methods employed to hide the skimming scripts. Last year, Malwarebytes disclosed a campaign wherein malicious actors were observed delivering PHP-based web shells embedded within website favicons to load the skimmer code.
Also detected is the use of encoded skimmer script domains within spoofed Google Analytics and Meta Pixel code in an attempt to stay under the radar and avoid raising suspicion.
Unfortunately, there’s not a lot online shoppers can do to protect themselves from web skimming other than ensuring that their browser sessions are secure during checkout. Alternatively, users can also create virtual credit cards to secure their payment details.
“Given the increasingly evasive tactics employed in skimming campaigns, organizations should ensure that their e-commerce platforms, CMSs, and installed plugins are up to date with the latest security patches and that they only download and use third-party plugins and services from trusted sources,” Microsoft said.