Elusive skimming campaigns are unfolding on the Internet


According to experts from Microsoft, the attackers disguised the skimming script by encoding it into a PHP script embedded in the image file. With this trick, malicious code is executed when the index page of the site is loaded. Some skimming scripts also included debugging protection mechanisms.

Web skimming is a criminal method of collecting payment information from website visitors during checkout. Scammers use vulnerabilities in e-commerce platforms and CMS to implement a skimming script on an e-store page. In some cases, attackers can exploit vulnerabilities in installed third-party plugins and themes to inject malicious scripts.

“During the research, we encountered two cases of malicious images being uploaded to a server hosted on Magento. Both images had the same JavaScript code, but were slightly different in the implementation of the PHP script,” the report published by Microsoft says. “The first image was disguised as a favicon and is available on VirusTotal, and the second was a regular WebP file discovered by our team.”

Microsoft has also noticed attackers using malicious JavaScript code in Base64 format to spoof Google Analytics and Meta Pixel scripts to avoid detection. Experts noted that the hackers behind the substitution of Meta Pixel used recently registered domains with HTTPS.

At the conclusion of the report, Microsoft experts recommend that organizations update CMS and installed plugins to the latest versions and make sure that all third-party plugins and services are downloaded only from reliable sources.

Start a discussion …