A payment service platform's checkout page was recently cloned by the threat actors behind a web skimming campaign that harvested and stole credit card information from an online shop's customers.
Web skimming (also known as e-skimming) is the process through which fraudsters can harvest and steal customers' payment or personally identifiable information (PII) after injecting malicious code in the form of payment card skimmer scripts within a compromised e-commerce site's payment processing platform (PSP).
The e-skimming campaign observed by Malwarebytes Director of Threat Intelligence Jérôme Segura used scripts designed to steal data from the online store's input, select, and textarea elements, but it also went straight to the PSP, replacing its checkout page to collect the victims' credit card data.