Indian Computer Emergency Response Team (CERT-In) on Saturday issued a public warning about a credit card skimming campaign spread through sports, health and e-commerce websites.
In an official post, CERT-In explains attackers are targeting websites hosted on Microsoft’s IIS server running with ASP.NET web application framework
The problem lies with version 4.0.30319 of ASP.NET which is no longer officially supported by Microsoft and contains multiple vulnerabilities which makes it easier for attackers to exploit them.
CERT-In has advised websites using ASP.NET web framework and IIS web server to use the latest version and conduct security audits of web application, web server and database server, in addition to checking web server directories regularly for any malicious web shell files and remove them before they can be exploited.
CERT-In refers to a recent Malwarebytes Labs report, which found a known vulnerability (CVE-2017-9248) for ASP.NET that has been exploited recently to steal credit card credentials.
Due to covid-19 online transactions and payments have increased considerably. This has widened the attack surface for hackers. While CERT-IN’s warning was specific to a few websites that were using the outdated web server framework, in another recent instance attackers have been found to be targeting mobile apps to steal card details.
It uses overlays (fake window) with keylogger functionality on top of a legitimate app prompting users to enter card details to get access into the app. As the users enter the card details the keylogger captures them to forward to attackers.