Card-Skimming Malware Has Changed Tactics Throughout the Years, Microsoft Says

May 26, 2022

Card-skimming malware actors have been deploying various methods to carry out their schemes in the last 10 years.

According to researchers from Microsoft, the hackers have been refining their techniques for infiltrating security defenses. This means that the way they hack a system through JavaScript code has evolved.


Card-Skimmers Are Pulling Out New Tricks



According to a report by ZDNet, Microsoft experts have found that credit card skimmers have switched the methods they use to deliver malware to the system.


For the past decade, the card-skimming malware "Magecart" has been on the front lines. This malicious software can easily steal your credit card information by injecting scripts into checkout sites.


Microsoft has flagged the injection of JavaScript into front-end processes as "conspicuous." The company believes that it could trigger protections in the browser, including Content Security Policy (CSP).


Last November, the firm discovered a bogus browser favicon that had made its way onto a server. The server was hosted on the e-commerce platform Magento.


At the time, the hackers were targeting buyers. The researchers concluded that the PHP script could only operate after a confirmation through cookies.


After it runs, the checkout page in Magento will generate the URL of the site. Additionally, two keywords will appear during the operation: "checkout" and "one page."


"The insertion of the PHP script in an image file is interesting because, by default, the webserver wouldn't run the said code. Based on previous similar attacks, we believe that the attacker used a PHP 'include' expression to include the image (that contains the PHP code) in the website's index page, so that it automatically loads at every webpage visit," Microsoft wrote on its blog.
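A defender-side check for the pattern described in the quote above, as an added example that is not code from Microsoft or from the original article: it walks a web root and reports image files that contain a PHP opening tag, and PHP files whose include/require statement names an image. The extension list, file names and sample web root are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

IMAGE_EXTS = {".ico", ".png", ".jpg", ".jpeg", ".gif"}  # assumed list, extend as needed
PHP_TAG = re.compile(rb"<\?php\b", re.I)
# include/require statement whose quoted argument ends in an image extension
INCLUDE_IMG = re.compile(
    rb"\b(?:include|require)(?:_once)?\b[^;]*?['\"]([^'\"]+\.(?:ico|png|jpe?g|gif))['\"]",
    re.I,
)

def scan_webroot(root):
    """Return (images containing PHP, [(php file, included image)]) as relative paths."""
    root = Path(root)
    images, includers = [], []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ext = path.suffix.lower()
        rel = path.relative_to(root).as_posix()
        if ext in IMAGE_EXTS and PHP_TAG.search(data):
            images.append(rel)  # an image should never carry a PHP opening tag
        elif ext == ".php":
            for m in INCLUDE_IMG.finditer(data):
                includers.append((rel, m.group(1).decode(errors="replace")))
    return sorted(images), sorted(includers)

def build_sample(root):
    """Constructed sample web root (hypothetical names, inert placeholder payload)."""
    root = Path(root)
    (root / "media").mkdir()
    (root / "media" / "clean.ico").write_bytes(b"\x00\x00\x01\x00" + bytes(64))
    (root / "media" / "favicon.png").write_bytes(
        b"\x89PNG\r\n\x1a\n" + b"<?php /* placeholder */ ?>")
    (root / "index.php").write_text("<?php include 'media/favicon.png'; echo 'shop'; ?>")
    (root / "cart.php").write_text("<?php require_once 'lib/cart.php'; ?>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        tampered, includers = scan_webroot(tmp)
        print("images with PHP:", tampered)
        print("PHP including images:", includers)
```

An include whose path is built from variables will not match the second check, so the image-content check is the primary signal and the include check is supporting evidence.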


Card-Skimming Actors Are Relying on Malicious PHP


Regarding the techniques used by credit card hackers, the FBI has warned users about the new tactics the attackers are using. The agency said that the actors are utilizing PHP to compromise the checkout pages of businesses across the US.


Per Sucuri, the PHP skimmers that hit web servers on the backend were connected to 41% of credit-card skimming cases last year.


Furthermore, Jerome Segura of cybersecurity firm Malwarebytes wrote that the evolving technique is "interesting" since the skimmer could continue the operations without getting blocked by the security tools.


In some instances, the card-skimming malware has used JavaScript to imitate scripts from Meta Pixel and Google Analytics.



What About Gas Pump Skimmers?


Per Reader's Digest, some people cannot easily distinguish what is a gas pump skimmer and what is not. Usually, the sign to watch out for is whether it budges even slightly.


Since they are connected to the card readers, they could stick out for a while. Aside from the customers who often fall into this trap, some professionals who know surveillance can also be deceived by gas pump skimmers.


It's important to pay attention to the card-reading slots and keypads in the machines. You should also check if the lockable door is tightly closed. There should be no signs of tampering.


Source: techtimes.com
