
Privacy Ninja

Credit Card Stealer Hides In CSS Files Of Hacked Online Stores


Credit card stealer scripts are evolving and becoming increasingly hard to detect thanks to novel hiding tactics. The latest example is a web skimmer that uses CSS code to blend into the pages of a compromised store and steal customers’ personal and payment information.

By hiding their payment info stealer script within CSS code, this skimmer’s creators successfully bypassed detection by automated security scanners and avoided raising any flags even when examined in manual security code audits.

This worked because scanners do not commonly scan CSS files for malicious code, and anyone looking at the skimmer’s trigger script, which reads a custom property (variable) from the page’s CSS, wouldn’t give it a second glance.

CSS (Cascading Style Sheets) files let websites add style (e.g., fonts, colors, and spacing) to Web documents using a collection of rules.


Magecart script links stored in CSS code

This credit card skimmer (also known as a Magecart script) was discovered by researchers at Dutch cyber-security company Sansec on Tuesday, on three different online stores.

The web skimmer was still active on at least one store, as Sansec told BleepingComputer earlier today, but the company didn’t share additional info due to the sensitive nature of the data.

Since it was spotted, the CSS-based web skimmer has been used by a Magecart group that has started to “experiment” with progressively more advanced techniques to inject their malicious scripts and exfiltrate customers’ payment card info.

Magecart CSS code (Sansec)

This Magecart script will only run when customers of compromised e-commerce sites start entering payment or personal information.

When the shoppers hit the checkout button on an order form, they are redirected to a new page that loads and parses the attackers’ malicious CSS code.

A JavaScript parser/trigger script on the checkout page of the hacked online store then loads and executes the skimmer from a URL that the CSS code stores in the --script variable; the URL points to a Magecart script on the cloud-iq[.]net server controlled by the hackers.

This tactic allows the Magecart group to hide their credit card stealer in plain sight on any compromised e-commerce website since it won’t be discovered through any conventional methods.

At most, it would raise alarm flags only by accident, as happened when Sansec first spotted it earlier this week.

Magecart trigger script (Sansec)
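
An added example, not code from Sansec or the affected stores: a Node.js check that audits stylesheets as data, flagging custom properties whose values point at hosts outside an allowlist and noting whether page JavaScript reads the same property. The allowlist, the sample CSS/JS and all hostnames are constructed, and the property read is assumed to go through the standard `getPropertyValue` call.

```javascript
// Assumption: hosts the store legitimately serves assets from.
const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.shop.example']);

// `--name: value` declarations; the lookbehind skips BEM class names like `.btn--big:hover`.
const CUSTOM_PROP = /(?<![\w-])(--[\w-]+)\s*:\s*([^;}]+)/g;
// Absolute or protocol-relative URLs inside a declaration value.
const URL_IN_VALUE = /(?:https?:)?\/\/[^\s'")]+/gi;
// Script reads of a custom property through the standard CSSOM call.
const PROP_READ = /getPropertyValue\(\s*['"`](--[\w-]+)['"`]\s*\)/g;

function auditCss(css, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  const source = css.replace(/\/\*[\s\S]*?\*\//g, ''); // drop CSS comments
  for (const [, property, value] of source.matchAll(CUSTOM_PROP)) {
    for (const [url] of value.matchAll(URL_IN_VALUE)) {
      let host;
      try {
        host = new URL(url, 'https://base.invalid').hostname;
      } catch {
        continue; // not parseable as a URL, ignore
      }
      if (!allowedHosts.has(host)) findings.push({ property, url, host });
    }
  }
  return findings;
}

// Raise priority when a script on the page reads the same property name.
function correlate(css, js, allowedHosts = ALLOWED_HOSTS) {
  const readByScript = new Set([...js.matchAll(PROP_READ)].map((m) => m[1]));
  return auditCss(css, allowedHosts).map((f) => ({
    ...f,
    readByScript: readByScript.has(f.property),
  }));
}

// Constructed sample input; hostnames are placeholders.
const SAMPLE_CSS = `
:root { --brand: #0a7; --logo: url(//cdn.shop.example/logo.svg); }
.btn--big:hover { color: red; }
.checkout { --script: "https://static.unknown-host.example/a.js"; }
`;
const SAMPLE_JS =
  "const v = getComputedStyle(el).getPropertyValue('--script');";

console.log(correlate(SAMPLE_CSS, SAMPLE_JS));
```

Run against every stylesheet a checkout page loads, a finding with `readByScript: true` is the one to triage first; relative URLs are out of scope for this check.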

Every bit of code can be used for malicious purposes

Online stores “need to monitor all of their data, not just executable assets,” as Sansec told BleepingComputer.

“It is a huge headache for e-commerce managers. Today it is CSS, tomorrow it will be static data elsewhere.”

Online shoppers have very few options to protect against Magecart attacks where JavaScript-based scripts known as credit card skimmers are injected within the pages of compromised e-commerce sites to exfiltrate their customers’ payment and personal data.


“Consumers should pick a bank that enforces 2FA on each transaction,” Sansec said. “In Europe, it is more and more common, but in the US not at all.”

If you are in the US, you can either get temporary card numbers at http://privacy.com and similar platforms or use virtual cards for each transaction.

Sansec researchers have also recently discovered web skimming malware capable of hiding as SVG social media buttons, and an almost-impossible-to-remove credit card stealing malware that bundles a persistent backdoor.
