Cyber Security

Hackers hide web skimmer inside CSS files of hacked sites


The cyber criminals have used several techniques in the past to hide credit card stealing code, also called as web skimmers or Magecart scripts, inside various locations of the online stores to avoid getting detected.

Some of the places which the web skimmers were found in the past include inside images like the ones used in site logos, favicons, and social media networks; appended to popular JavaScript libraries like jQuery, Modernizr, and Google Tag Manager; or hidden inside site widgets like live chat windows.

The latest place where such web skimmers are hidden now is the CSS files. CSS files or cascading style sheets are used inside browsers to load rules for stylizing a web page’s elements with the help of the CSS language.

These files normally contain code describing the colors of various page elements, the size of the text, padding between various elements, font settings etc.

The CSS language has become a powerful utility which are used by the web developers to create powerful animations even without JavaScript.

A new feature that was added to the CSS language was that it would allow it to load and run JavaScript code from within a CSS rule.

Willem de Groot, the founder of Dutch security firm Sanguine Security (SanSec said that this CSS feature is now being abused by web skimmer gangs.

At least one group is using malicious code added inside CSS files to load skimmers on online stores that record payment card data when users are completing checkout forms.

The SanSec founder stated that a handful of victim stores with this injection method were found and it seems to have been taken offline after he has tweet regarding this.

The infrastructure was in place since September and was earlier used for several dozen more traditional attacks. This CSS disguise looks like a recent experiment.

According to de Groot, there is something which the shop owners and online shoppers must be more worried about. The majority of skimming happens on the server, where it is completely invisible.

About 65% of their forensic investigations this year found a server-side skimmer that was hidden in the database, PHP code or a Linux system process.

One of the easiest methods for shoppers to protect themselves from web skimmer attacks is to use virtual cards that are designed for one-time payments. It enables them to place a fixed sum of money inside a virtual debit card which expires after single transaction or a specific time.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Critical TCP/IP flaws pose hacking risk to millions of IoT devices

    Previous article

    European Medicines Agency targeted by cyber attack

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *