Credit Card Skimmers targetting indian customer

Indian Computer Emergency Response Team (CERT-In) on Saturday issued a public warning about a credit card skimming campaign spread through sports, health and e-commerce websites.

In an official post, CERT-In explains attackers are targeting websites hosted on Microsoft’s IIS server running with ASP.NET web application framework

The problem lies with version 4.0.30319 of ASP.NET which is no longer officially supported by Microsoft and contains multiple vulnerabilities which makes it easier for attackers to exploit them.

CERT-In has advised websites using ASP.NET web framework and IIS web server to use the latest version and conduct security audits of web application, web server and database server, in addition to checking web server directories regularly for any malicious web shell files and remove them before they can be exploited.

CERT-In refers to a recent Malwarebytes Labs report, which found a known vulnerability (CVE-2017-9248) for ASP.NET that has been exploited recently to steal credit card credentials.

Researchers at the cybersecurity firm found over a dozen websites which have been compromised with malicious code injections into one of their legitimate JavaScript libraries.

The skimmer codes injected into the JavaScript libraries are designed to steal credit card numbers as well as passwords.

Due to covid-19 online transactions and payments have increased considerably. This has widened the attack surface for hackers. While CERT-IN’s warning was specific to a few websites that were using the outdated web server framework, in another recent instance attackers have been found to be targeting mobile apps to steal card details.

It uses overlays (fake window) with keylogger functionality on top of a legitimate app prompting users to enter card details to get access into the app. As the users enter the card details the keylogger captures them to forward to attackers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s