technology 1283624.L 1210x423 - A widespread JavaScript attack is stealing credit card information from hundreds of shopping sites!

A widespread JavaScript attack is stealing credit card information from hundreds of shopping sites!

Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites.

The JavaScript scripts in question include the digital credit card skimming code that when execute on a site, automatically steal payment card information, such as credit card owner name, credit card number, expiration time, CVV information, entered by its customers.

“Take one victim as an example, www.kings2.com, when a user loads its homepage, the JS runs as well. If a user selects a product and goes to the ‘Payment Information’ to submit the credit card information, after the CVV data is entered, the credit card information will be uploaded,” researchers explain in a blog post published today.

While researchers found that the malicious domain has been stealing credit cards information for at least five months with a total of 105 websites already infected with the malicious JS, they believe this number could be higher than what appeared on their radar.

@TheHackersNews | 1 minute read