Microsoft: Credit card stealers are getting much stealthier


Level 61
Thread author
Top poster
Content Creator
Apr 24, 2016
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code.

Skimming gangs obfuscate their code snippets, inject them into image files, and masquerade them as popular web applications to evade detection.

This undermines the effectiveness of threat detection products and increases the likelihood that internet users will have their credit card information stolen by malicious actors.
How to defend

Common characteristics among all payment card skimmers include the presence of base64-encoded strings and the "atob()" JavaScript function on compromised webpages.

Apart from active scanning and detection, website administrators should ensure they're running the latest available version of their content management system (CMS) and plugins.

From the customers' perspective, minimizing the damage of skimmers is only possible by using one-time private cards, setting strict payment limits, or using electronic payment methods instead.