CyberSecurity news

Deeba Ahmed (hackread.com)
Cybersecurity researchers at Jscrambler have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign exploits a legacy Stripe API to validate stolen credit card details in real time before transmitting them to malicious servers. Because only active and valid card numbers are harvested, the efficiency and potential profit of the attackers' operations increase significantly. The operation has been ongoing since at least August 2024 and has affected at least 49 online stores.

The attack starts with the injection of malicious JavaScript into the checkout pages of compromised sites, which often run on platforms like WooCommerce, WordPress, and PrestaShop. The injected code overlays the legitimate checkout page with a fake one that mimics the legitimate payment form and captures customer payment information as it is entered. After the payment information is taken, a fake error appears asking the customer to reload the page.
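
A defender-side check for the overlay described above, as an added example that is not from the article or from Jscrambler's research. It audits a snapshot of a checkout page for unapproved script origins, card fields sitting in the store's own DOM, and a missing or hidden payment frame. The snapshot shape, the allowlists, the hosts and the premise that the store uses provider-hosted card fields in an iframe are all assumptions, and the sample pages are constructed.

```javascript
// Added example (defensive check). Snapshot shape, allowlists and hosts are assumptions.
const CARD_AUTOCOMPLETE = new Set(["cc-number", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-csc"]);

function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// snap: { pageUrl, scripts:[{src}], inputs:[{name, autocomplete}], iframes:[{src, visible}] }
function auditCheckoutSnapshot(snap, policy) {
  const findings = [];
  // 1. External scripts loaded from origins the store never approved.
  for (const s of snap.scripts) {
    const origin = originOf(s.src, snap.pageUrl);
    if (!origin || !policy.scriptOrigins.includes(origin)) {
      findings.push({ rule: "unapproved-script", detail: s.src });
    }
  }
  // 2. Card fields rendered in the store's own DOM; with hosted fields there should be none.
  for (const i of snap.inputs) {
    if (CARD_AUTOCOMPLETE.has(i.autocomplete) || /card|cvv|cvc/i.test(i.name || "")) {
      findings.push({ rule: "card-input-in-page-dom", detail: i.name });
    }
  }
  // 3. The provider's frame is missing or hidden (assumed side effect of a fake overlay).
  const frames = snap.iframes.filter(
    (f) => policy.paymentFrameOrigins.includes(originOf(f.src, snap.pageUrl)));
  if (frames.length === 0) findings.push({ rule: "payment-frame-missing", detail: snap.pageUrl });
  for (const f of frames) {
    if (!f.visible) findings.push({ rule: "payment-frame-hidden", detail: f.src });
  }
  return findings;
}

// Constructed sample data: one clean checkout page and one tampered copy of it.
const policy = {
  scriptOrigins: ["https://shop.example", "https://js.stripe.com"],
  paymentFrameOrigins: ["https://js.stripe.com"],
};
const cleanPage = {
  pageUrl: "https://shop.example/checkout",
  scripts: [{ src: "/assets/checkout.js" }, { src: "https://js.stripe.com/v3/" }],
  inputs: [{ name: "email", autocomplete: "email" }],
  iframes: [{ src: "https://js.stripe.com/v3/frame.html", visible: true }],
};
const tamperedPage = {
  ...cleanPage,
  scripts: [...cleanPage.scripts, { src: "https://cdn.unknown.example/w.js" }],
  inputs: [...cleanPage.inputs, { name: "cardnumber", autocomplete: "cc-number" }],
  iframes: [{ src: "https://js.stripe.com/v3/frame.html", visible: false }],
};
console.log(auditCheckoutSnapshot(tamperedPage, policy).map((f) => f.rule));
```

In a browser or headless crawler the snapshot would be built from `document.scripts`, `document.querySelectorAll("input")` and the page's iframes, and the audit run on a schedule against the live checkout page.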