FlagThis - #CasioHack

A web skimming campaign has targeted multiple websites, including Casio UK, in a sophisticated double-entry attack. Security firm Jscrambler discovered that at least 17 websites were compromised, with the attack on Casio UK lasting from January 14th to January 24th. The threat actor installed a web skimmer on all pages except the checkout page. This skimmer altered the usual payment flow, manipulating the user into entering sensitive information such as name, address, email, phone number, and credit card details into a fake payment form.

The double-entry technique involved an unobfuscated loader that fetched a second-stage skimmer from an attacker-controlled server. This skimmer encrypted and exfiltrated sensitive customer information, including contact information, credit card details, and billing addresses, concealing malicious activity through XOR-based string masking and custom encoding. After completing the fake form, victims were redirected to the legitimate checkout page, where they were asked to fill out the same details again. Jscrambler noted that Casio UK's website had a content security policy set to report-only, which logged events but failed to prevent the attack.


References :

• securityaffairs.com: Web Skimmer found on at least 17 websites, including Casio UK
• www.scworld.com: Web skimming campaign hits several websites
• ciso2ciso.com: Casio Website Infected With Skimmer  – Source: www.securityweek.com
• ciso2ciso.com: CISO to CISO reports on the web skimming attack against Casio and 16 other websites.
• Pyrzout :vm:: Casio and 16 Other Websites Hit by Double-Entry Web Skimming Attack – Source:hackread.com
• ciso2ciso.com: The attackers' goal was to harvest and exfiltrate visitor information.
• Secure Bulletin: On February 3, 2025, the Casio UK online store fell victim to a significant cyberattack, leading to the unauthorized access and theft of customer credit card information.
• BleepingComputer: Casio UK's e-shop at casio.co.uk was hacked to include malicious scripts that stole credit card and customer information between January 14 and 24, 2025.
• www.bleepingcomputer.com: Bleeping Computer article on the Casio UK online store being hacked to steal customer credit cards.
• securebulletin.com: Malicious scripts on the CASIO e-shop stole credit card and personal customer details

Classification:

• HashTags: #WebSkimming #CasioHack #EcommerceSecurity
• Target: Multiple e-commerce websites and their customers
• Product: e-commerce platforms
• Feature: Payment processing
• Malware: Web skimmer
• Type: DataBreach
• Severity: Medium