Credit Card Skimmer Attack Strikes Virtual Conference Platform Playback Now

Credit Card Skimmer Attack Strikes Virtual Conference Platform Playback Now

We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others.


In today’s case, the targeted websites all reside on the same server and sell video content from various conferences and conventions. The host control panel belongs to Playback Now, a company that provides its customers with an array of services to capture and deliver recorded material into an online conference experience.


Criminals decided to impersonate Playback Now by registering a malicious domain lexically close to their official website that could be used to discreetly serve a credit card skimmer as well as collect stolen data.


Their next move was to inject a malicious reference to this skimmer code into dozens of Magento sites hosted on the same IP address belonging to Playback Now. As a result, the financial details from customers shopping for conference material are now at risk.


Online conference sites compromised with Inter skimming kit


Playback Now provides organizations with an easy way to seamlessly convert an event into an online virtual experience. Conferences and seminars can be delivered via live streaming, on demand, or a hybrid of the two.


Their offering of a virtual conference expo hall seems like a timely solution during the pandemic for organizers and exhibitors to connect with customers just like at an in-person event.




Figure 1: Legitimate PlayBack Now website

Businesses or organizations that want to join ..

Support the originator by clicking the read the rest link below.