Subj : Online stores are being hijacked with fake forms to steal credit To : All From : TechnologyDaily Date : Tue May 02 2023 18:15:04 Online stores are being hijacked with fake forms to steal credit card details Date: Tue, 02 May 2023 17:10:32 +0000 Description: Hackers are breaking into stores and adding their own payment forms which sometimes look even better than the real thing. FULL STORY ====================================================================== Cybersecurity researchers from Malwarebytes have discovered a new credit card information stealing campaign that uses complex, legitimate-looking payment forms that are very hard to spot for the average user. The researchers spotted multiple online ecommerce stores being breached, and a modal being placed on top of their actual payment forms. The modals are HTML content overlaid over the top of the main webpage, which allows the user to interact with the login forms and notifications without leaving the site. Hiding in plain sight The modals look so good, (in some cases even being better than the original) that its almost impossible for the average user to discover anything amiss. In one of the campaigns, the researchers said, the modal displayed the sites brand logo, correct language, and elegant interface elements. Victims who try to buy something from these compromised websites would get a bogus error message which would redirect them to the actual payment URL to try and repeat the payment. That way hackers made sure their modals remained inconspicuous for as long as possible. The hackers would also plant a cookie on the endpoint of the victim, in order to prevent duplicate entries. Read more > MageCart attacks return to target hundreds of outdated ecommerce sites > Retailers using WooCommerce are the next target for Magecart card skimmer attacks > Check out the best ID theft protection right now When it comes to discovering who the threat actors behind the campaign are, the jury is still out. Malwarebytes researchers speculate that it might be MageCart. However, they also said one of the victims was compromised by the Kritec campaign, which is a JavaScript skimmer Malwarebytes first found on Magento stores more thana year ago. "It is possible multiple threat actors are involved in those campaigns and customizing skimmers accordingly," reads the report . "While many hacked stores had a generic skimmer, it appears the custom modals were developed fairly recently, maybe a month or two ago." It seems we might have to go back to one-time private cards with charge limits, to prevent our hard-earned money from getting into the wrong hands. These are the best firewalls right now Via: BleepingComputer ====================================================================== Link to news story: https://www.techradar.com/news/online-stores-are-being-hijacked-with-fake-form s-to-steal-credit-card-details --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .