Submitted via IRC for SoyCow0824
E-commerce site is infected not by one, but two card skimmers
Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British Airways, Newegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.
The site belongs to sportswear seller Umbro Brasil, which as of Tuesday morning was infected by two rival skimmer groups. The first gang planted plaintext JavaScript on the site that caused it to send payment card information to the attackers as customers were completing a sale. The malicious JavaScript looked like this: [image]
A second gang exploited either the same or a different website vulnerability as the first. The second group then installed much more advanced JavaScript that was encoded in a way to prevent other programs from seeing what it did. This is what it looked like: [image]
The obfuscated JavaScript actively tampered with the less-sophisticated payment skimmer installed by the first gang. Specifically, it replaced the last digit of a credit card number with a randomly generated digit before being sent to the first group. As a result, there was a 90 percent chance that the number obtained by the first group would be incorrect. Because the first group used unobfuscated JavaScript, the skimmer is much more vulnerable to tampering by rivals.
(Score: 3, Touché) by Whoever on Thursday November 22 2018, @12:26AM
You can't even do some honest card skimming without someone coming along and interfering with your business.