Nearly 5,900 e-commerce sites have been breached by hackers who installed malware that steals victims’ credit card details, according to a security researcher.
Dutch security analyst Willem De Groot said the hackers gained access to a store’s source code using various unpatched software flaws.
The stolen credit card details are sold on the dark web for US$30 per card. De Groot scanned over 250,000 stores and found 3501 stores to be skimmed. Ten months later that figure rose to 5,9235. The victims range from car makers and fashion shops to pop stars and non-governmental organisations, such as the Science Museum.
“Some malware uses multi-layer obfuscation, which would take a programmer a fair bit of time to reverse engineer. Add to this that most obfuscation includes some level of randomness, which makes it difficult to implement static filtering.”
He said that new cases could be stopped right away if store owners would upgrade their software regularly. “But this is costly and most merchants don’t bother,” said De Groot.
“Companies such as Visa or Mastercard could revoke the payment license of sloppy merchants,” De Groot said. “But it would be way more efficient if Google would add the compromised sites to its Chrome Safe Browsing blacklist. Visitors would be greeted with a fat red warning screen and induce the store owner to quickly resolve the situation.”