Hackers have breached nearly 5,900 e-commerce sites and installed malware that steals customers' credit card details, according to a security researcher.
Dutch security analyst Willem De Groot said the hackers gained access to a store's source code using various unpatched software flaws.
“Once a store is under control of a perpetrator, a (Javascript) wiretap is installed that funnels live payment data to an off-shore collection server (mostly in Russia). This wiretap operates transparently for customers and the merchant,” he said in a blog post.
The stolen credit card details are sold on the dark web for US$30 per card. De Groot scanned over 250,000 stores and found 3501 stores to be skimmed. Ten months later that figure rose to 5,9235. The victims range from car makers and fashion shops to pop stars and non-governmental organisations, such as the Science Museum.
“One reason that many hacks go unnoticed is the amount of effort spent on obfuscating the malware code,” he said. Earlier malware cases contained relatively readable JavaScript, but in his last scan De Groot discovered more sophisticated versions.
“Some malware uses multi-layer obfuscation, which would take a programmer a fair bit of time to reverse engineer. Add to this that most obfuscation includes some level of randomness, which makes it difficult to implement static filtering.”
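The static-filtering problem described above, as an added example that is not from De Groot's post or this article: a fixed-string filter catches a readable constructed sample but misses the same string once it is hex-escaped under a different variable name, while a structural score still flags it. The indicator `collector.example/gate`, the sample scripts, the weights, the threshold and all function names are constructed assumptions.

```javascript
// Added example. Indicator, samples, weights and threshold are constructed.
const SIGNATURES = ["collector.example/gate"];

// Bodies of inline <script> elements (those without a src attribute).
function inlineScripts(html) {
  const re = /<script\b(?![^>]*\bsrc=)[^>]*>([\s\S]*?)<\/script>/gi;
  return [...html.matchAll(re)].map(m => m[1].trim()).filter(Boolean);
}

// Static filtering: exact substring match against known indicators.
function signatureHit(js) {
  return SIGNATURES.some(sig => js.includes(sig));
}

// Structural score: features that survive renaming and re-encoding.
function heuristicScore(js) {
  const escaped = (js.match(/\\x[0-9a-f]{2}|\\u[0-9a-f]{4}/gi) || []).join("");
  let score = 0;
  if (escaped.length / js.length > 0.3) score += 2; // mostly escaped literals
  if (/\b(eval|Function|atob|unescape)\s*\(|fromCharCode/.test(js)) score += 1;
  if (/\b_0x[0-9a-f]+\b/i.test(js)) score += 1;     // machine-generated names
  return score;
}

function scanPage(html, threshold = 2) {
  return inlineScripts(html).map(js => {
    const signature = signatureHit(js), score = heuristicScore(js);
    return { signature, score, flagged: signature || score >= threshold };
  });
}

// Test-input builder: hex-escapes a string under a caller-chosen name,
// standing in for the per-sample randomness the article mentions.
function encodedSample(text, name) {
  const hex = [...text].map(c => "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0"));
  return `var ${name}="${hex.join("")}";void ${name};`;
}

// Constructed page: benign script, readable sample, two encoded variants.
const PAGE = `<html><body>
<script src="/js/app.js"></script>
<script>document.title = "Checkout";</script>
<script>var endpoint = "https://collector.example/gate";</script>
<script>${encodedSample("https://collector.example/gate", "_0x4f2a")}</script>
<script>${encodedSample("https://collector.example/gate", "_0x91bc")}</script>
</body></html>`;

console.log(scanPage(PAGE));
```

A merchant would run a check like this against the rendered checkout page and treat a flagged script as a prompt for manual review, since minified legitimate code can also score above zero.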
He said that new cases could be stopped right away if store owners upgraded their software regularly. “But this is costly and most merchants don’t bother,” said De Groot.
“Companies such as Visa or Mastercard could revoke the payment license of sloppy merchants,” De Groot said. “But it would be way more efficient if Google would add the compromised sites to its Chrome Safe Browsing blacklist. Visitors would be greeted with a fat red warning screen and induce the store owner to quickly resolve the situation.”