The unique aspect of this attack is that WebSockets is used instead of other methods such as HTML tags to extract the information needed.
Hackers use a range of attack vectors to get their victims by whatever means possible. One of these happens to be skimming attacks where they attempt to collect a user’s payment information from credit and debit cards unauthorizedly.
Building upon this, in the latest, we have a new report by Akamai which details a new way being used by attackers of conducting such an attack. According to researchers, attackers are using fake credit card forum and WebSockets to steal the financial and personal information of unsuspecting users.
See: Hundreds of counterfeit branded shoe stores hacked with web skimmer
To start with, a malicious script is injected and run on the target page. This allows the attackers to load a JavaScript file from their C2 server which “stores in the browser’s LocalStorage its generated session-id and the client IP address”.
According to Akamai’s blog post:
Skimmer attack was discovered this week, targeting various online e-commerce sites. As of the writing of this blog post, the attack is still active and exfiltrating data. Attackers are exploiting an expanding in-browser attack surface and continually evolving web skimming techniques. This attack implements many sophisticated capabilities, which we don’t usually see among skimmers attacks.
..Support the originator by clicking the read the rest link below.
