SoylentNews is people

posted by mrpg on Wednesday November 21 2018, @11:00PM
from the fight! dept.

Submitted via IRC for SoyCow0824

E-commerce site is infected not by one, but two card skimmers

Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British Airways, Newegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.

The site belongs to sportswear seller Umbro Brasil, which as of Tuesday morning was infected by two rival skimmer groups. The first gang planted plaintext JavaScript on the site that caused it to send payment card information to the attackers as customers were completing a sale. The malicious JavaScript looked like this: [image]

A second gang exploited either the same or a different website vulnerability as the first. The second group then installed much more advanced JavaScript that was encoded in a way to prevent other programs from seeing what it did. This is what it looked like: [image]

The obfuscated JavaScript actively tampered with the less-sophisticated payment skimmer installed by the first gang. Specifically, it replaced the last digit of a credit card number with a randomly generated digit before being sent to the first group. As a result, there was a 90 percent chance that the number obtained by the first group would be incorrect. Because the first group used unobfuscated JavaScript, the skimmer is much more vulnerable to tampering by rivals.
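
The 90 percent figure worked through, as an added example that is not code from the article or from either skimmer: the last digit of a card number is its Luhn check digit (a fact not stated on the page), so of the ten possible replacement digits only the original passes the standard checksum applied to card numbers. The function names and the sample number, a widely published test number, are constructed for illustration.

```javascript
// Luhn checksum over a string of digits (the standard card-number check).
function luhnValid(pan) {
  let sum = 0;
  for (let i = 0; i < pan.length; i++) {
    // Walk from the rightmost digit; i = 0 is the check digit.
    let d = pan.charCodeAt(pan.length - 1 - i) - 48;
    if (d < 0 || d > 9) return false;      // reject non-digits
    if (i % 2 === 1) {                      // double every second digit
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return pan.length > 0 && sum % 10 === 0;
}

// Enumerate all ten values the last digit could be replaced with,
// covering every outcome of the random replacement described above.
function lastDigitOutcomes(pan) {
  const stem = pan.slice(0, -1);
  const outcomes = [];
  for (let d = 0; d <= 9; d++) {
    const candidate = stem + d;
    outcomes.push({
      digit: d,
      unchanged: candidate === pan,
      luhnValid: luhnValid(candidate),
    });
  }
  return outcomes;
}

// Count how many replacements corrupt the number and how many of those
// would still pass a checksum validation.
function summarize(pan) {
  const outcomes = lastDigitOutcomes(pan);
  return {
    wrong: outcomes.filter((o) => !o.unchanged).length,
    wrongButLuhnValid: outcomes.filter((o) => !o.unchanged && o.luhnValid).length,
    luhnValid: outcomes.filter((o) => o.luhnValid).length,
  };
}

const SAMPLE_PAN = "4111111111111111"; // constructed input: public test number
console.log(summarize(SAMPLE_PAN));
```

Nine of the ten replacements are wrong, matching the article's 90 percent, and none of those nine passes the checksum.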


  • (Score: 1, Insightful) by Anonymous Coward on Thursday November 22 2018, @01:53AM (#765029)

    Yup, that's exactly how it works. Boggles the mind how they can hack a payment site to steal card/CVVs but not know that.

  • (Score: 2) by RandomFactor (3682) on Thursday November 22 2018, @02:40PM (#765201)

    I think the idea is that Skimmer#1 didn't know this was happening and put out bad credit card info getting a bad rep. This way Skimmer#2's cards would be more reliable and sell for more.

    --
    There is no news in Pravda, and no truth in Izvestia