The Redmond giant has shared details about the latest web skimming campaigns that utilize stealthy techniques. Microsoft warns users to be wary and deploy all preventive measures to prevent such web skimming attacks.
Hackers Switching Techniques To Hide Web Skimming Attacks – Says Microsoft
In a recent post, Microsoft has highlighted the changing techniques in the latest web skimming attacks. The tech giant pointed out how the attackers have improvised strategies to hide malicious codes to escape detection.
Web skimmers, famous for attacks from the Magecart group, are sneaky malware codes aiming to steal financial data and money. The attackers used to inject these codes into the target website’s pages by exploiting various vulnerabilities. With time, as detection techniques became common and more robust, the attackers also improvised their plans to perform stealthy attacks.
That’s what Microsoft now warns about. Briefly, the firm has mentioned three prominent means through which the threat actors now hide the web skimmers. One of the campaigns that Microsoft analyzed involved embedding obfuscated scripts in images. As stated in Microsoft’s post,
In one of the campaigns we’ve observed, attackers obfuscated the skimming script by encoding it in PHP, which, in turn, was embedded inside an image file—a likely attempt to leverage PHP calls when a website’s index page is loaded.
Moreover, they also observed some campaigns exploiting concatenated and encoded skimming host URLs and mimicking Meta Pixel (formerly ‘Facebook Pixel’) and Google Analytics scripts.
Recommendations For Defense Against Magecart Attacks
Microsoft has advised businesses to remain cautious about web skimmers and proactively adopt robust detection strategies to spot malicious codes. Although, detecting skimmers is difficult since they resemble usual JavaScript codes for legit purposes like web analytics. Yet, here’s what the tech giant explained about skimmers.
Among the similarities we found in these recent skimming scripts include the presence of Base64-encoded strings such as “checkout” and “onepage” and the presence of the atob() JavaScript function in compromised pages. Such clues could help defenders surface these malicious scripts.
Besides, Microsoft also urged businesses and site owners to keep their websites, CMSs, and plugins up-to-date. Moreover, users should also ensure downloading any third-party plugins or tools from legitimate, official, and trusted sites.
