MICROSOFT has issued an important warning over a malware scam that can steal your credit card information.
The latest techniques employed by hackers are more subtle than past card skimming schemes, the company warned.
2
Web skimming is a hacking term for using code to scan a webpage for payment information.
Microsoft said that web skimming attempts are normally deployed against browser platforms like “Magento, PrestaShop and WordPress” because of their widespread use and connection to e-commerce.
In November 2021, a malicious bug was planted into a Magento server that would automatically search for the terms “checkout” and “one page” in search of credit card data.
The FBI said hackers were “sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server.”
The latest version of the scam involves writing a “PHP script” into the server.
The bit of code will sit silently and idly until it has determined that the site’s administrators are not logged in, according to ZDNet.
“Based on previous similar attacks, we believe that the attacker used a PHP ‘include’ expression to include the image (that contains the PHP code) in the website’s index page, so that it automatically loads at every webpage visit,” Microsoft wrote in a
