The cyber criminals have used several techniques in the past to hide credit card stealing code, also called as web skimmers or Magecart scripts, inside various locations of the online stores to avoid getting detected.
The latest place where such web skimmers are hidden now is the CSS files. CSS files or cascading style sheets are used inside browsers to load rules for stylizing a web page’s elements with the help of the CSS language.
These files normally contain code describing the colors of various page elements, the size of the text, padding between various elements, font settings etc.
Willem de Groot, the founder of Dutch security firm Sanguine Security (SanSec said that this CSS feature is now being abused by web skimmer gangs.
At least one group is using malicious code added inside CSS files to load skimmers on online stores that record payment card data when users are completing checkout forms.
The SanSec founder stated that a handful of victim stores with this injection method were found and it seems to have been taken offline after he has tweet regarding this.
The infrastructure was in place since September and was earlier used for several dozen more traditional attacks. This CSS disguise looks like a recent experiment.
According to de Groot, there is something which the shop owners and online shoppers must be more worried about. The majority of skimming happens on the server, where it is completely invisible.
About 65% of their forensic investigations this year found a server-side skimmer that was hidden in the database, PHP code or a Linux system process.
One of the easiest methods for shoppers to protect themselves from web skimmer attacks is to use virtual cards that are designed for one-time payments. It enables them to place a fixed sum of money inside a virtual debit card which expires after single transaction or a specific time.