Web skimming attacks are becoming more prevalent, experts warn

computing

(Image credit: Future)

A new set of web skimming attacks have been discovered by JavaScript monitoring company Jscrambler, including attacks using methods that are reportedly unrecognizable.

In a blog post (opens in new tab), the company outlined how it detected a web skimming attack on a discounted web marketing and analytics service occurred through the acquisition of its domain name (Cockpit). The domain name has not been in use since 2014.

The Group X skimmers were able to compromise over 40 ecommerce websites (opens in new tab), and the data collected from the sites was encoded, encrypted and sent to an exfiltration server based in Russia, according to Jscrambler.

Active web skimming attacks 

The vendor mentions that once the cyber-criminals successfully exfiltrate the data of the webpage’s original elements, it injects its own fake elements by impersonating a credit card submission form.

Through the use of this method of hacking, any data inserted by the user will continue to be gathered and leaked every time there is a click on the page.

Jscrambler also found two other web skimming groups – Group Y and Group Z, with Group Y reportedly using a similar skimmer to Group X, while Group Z used a modified server structure for its attacks.

Read more

> Common misconceptions about the rise of Magecart attacks (opens in new tab)
>
Retailers using WooCommerce are the next target for Magecart card skimmer attacks (opens in new tab)
>
How to survive a drive-by malware attack (opens in new tab)

Web skimming, also known as Magecart attacks, occurs when hacker groups use online skimming techniques for the purpose of stealing personal data from websites. The hackers mostly target credit card information on sites that accept online payment or personal customer information.

The blog post mentions that there’s a chance that some websites were using a Content Management System (CMS (opens in new tab)) or a website generator provider that was injecting the third-party script into their pages.

“In that case, they might be unable to remove the library from their websites due to restricted permissions or lack of knowledge,” Jscrambler wrote.

In November, 2022, the UK’s National Cyber Security Centre (NCSC) alerted over 4,000 small business websites about the compromised payment portals (opens in new tab) on their ecommerce platforms, ahead of Black Friday – the busiest time for online retailers.

  • Build a digital moat around your network using one of these best firewall apps and services (opens in new tab)

Abigail Opiah

B2B Editor – Web hosting & Website builders

Abigail is a B2B Editor that specializes in web hosting and website builder news, features and reviews at TechRadar Pro. She has been a B2B journalist for more than five years covering a wide range of topics in the technology sector from colocation and cloud to data centers and telecommunications. As a B2B web hosting and website builder editor, Abigail also writes how-to guides and deals for the sector, keeping up to date with the latest trends in the hosting industry. Abigail is also extremely keen on commissioning contributed content from experts in the web hosting and website builder field.

TECH NEWS RELATED

This Tiny MSI PC is Packed With Power

MSI Following the example set by the Mac Mini, many Windows-powered compact PCs have popped up recently with solid hardware. If none have quite caught your eye, though, maybe this PC by MSI will. MSI has just released a new tiny PC called the Cubi 5 12M, and it’s ...

View more: This Tiny MSI PC is Packed With Power

Logitech’s New Colorful Keyboards and Mice Look Great

Logitech Logitech makes some of the best keyboards and best mice around, and you might be familiar with the company’s RGB-packed gaming products. These new peripherals are really packed with color, but we’re not really talking about lights. Logitech has announced a range of new colors for a bunch ...

View more: Logitech’s New Colorful Keyboards and Mice Look Great

“Part of the Journey Is the End;” Marvel’s Avengers Seems to be Shutting Down

Whether it be purely the lackluster quality of the game or the general distaste for live service games, Marvel’s Avengers never truly found its footing in the two years since it was released. Despite the fact that both the Marvel and Avengers labels should guarantee a happy, comic-lover audience, ...

View more: “Part of the Journey Is the End;” Marvel’s Avengers Seems to be Shutting Down

Satechi Thunderbolt 4 Slim Hub review: A sleek and portable laptop hub

Thunderbolt 4 docks are now much more widely available, meaning that it’s much easier to get a high speed dock that works with your laptop. But unfortunately, while they’re relatively widely available now, they’re still quite expensive. Thankfully, however, that price seems to now be coming down a little through ...

View more: Satechi Thunderbolt 4 Slim Hub review: A sleek and portable laptop hub

Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks

With the DNS changed, users are redirected to malicious pages

View more: Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks

Servant unleashes a bed bug blitz [Apple TV+ recap]

Just when you thought things couldn't get any worse … bed bugs! Photo: Apple TV+ Dorothy is back in the bizarre Turner household this week on Apple TV+ thriller Servant — and she’s not happy to be home. Leanne insists on normalcy, but considering the things that have happened, ...

View more: Servant unleashes a bed bug blitz [Apple TV+ recap]

Hostinger quietly shutters Zyro to focus on Hostinger Website Builder service

Will Zyro website builder still exist soon?

View more: Hostinger quietly shutters Zyro to focus on Hostinger Website Builder service

Redmi Note 12 Turbo Tipped to get Snapdragon 7-series SoC

The Xiaomi Redmi Note 12 Series arrived in China and India last year. With that being said, we might see another offering in the Redmi Note series phone in the coming months where it will be powered by the Snapdragon 7-series chipset onboard. The information comes from a notable ...

View more: Redmi Note 12 Turbo Tipped to get Snapdragon 7-series SoC

Avatar 2 animators tricked James Cameron into believing some shots were practical

Super Bowl 2023 live stream: how to watch the game, commercials and halftime show from anywhere

The Minecraft Community Answers the Age-old Question: “Can it Run Doom?”

Mark Hamill Hints That His Time as the Joker Is Over

Deadpool joins Marvel's Midnight Suns next week, adding new story missions

Chic-Fil-A’s Training Program Apparently Features a Familiar Fallout Face

Nintendo is reportedly increasing Switch production ahead of Breath of the Wild 2

Ex-Halo dev believes those who pushed for a better game ‘got laid off for it’

There are two clear winners in the PSVR 2 launch lineup

A nuclear-powered data center is opening this year

Anker’s New Monitor Stand Doubles as an All-In-One Docking Station

Naked Elden Ring Player Counter’s Placidusax’ Attack With Chaotic Results

OTHER TECH NEWS

Top Car News Car News