Security News Web-Based Keylogger Steals Credit Card Data


509322

Thread author
Web-based keyloggers are one of your worst nightmares. Security software installed on your system can do virtually nothing about it - except mostly by blocking access to the malicious webpage - that's IF the URL\IP address is in the filter list. If a security soft can detect a malicious attack pattern within a webpage you will be lucky - since the detection of malicious web pages is almost entirely attack-specific.

* * * * *

Full official report: https://safe.riskiq.com/rs/455-NHF-...mmerce_Sites_Lead_to_Web-Based_Keyloggers.pdf


Excerpts from online article at ThreatPost.com:

Popular ecommerce sites have been infected with web-based keyloggers that are being used to steal credit card data as it’s entered into online checkout forms. More than 100 compromised sites have been identified, but the number could be in the thousands, researchers said.

...

“When someone makes a purchase and enters their credit card data at these sites, that data is stolen and sent back to attackers in real time,” he said.

...

While web-based keyloggers and credit card stealers aren’t uncommon, RiskIQ believes these types of attacks are on the rise. Since March the threat actors behind this most recent campaign have grown more sophisticated; opting to use bulletproof hosting services and attacking a wider range of ecommerce platforms.
 

_CyberGhosT_

I purchase a throwaway card and only load the amount of my purchase.
Needless to say I buy on average 3 to 4 cards a month.
It is a little bit of a hassle but well worth the added security.
Thanks Jeff.
 

509322

Thread author
Thank you.

You also can't completely disable JS, because some JS is needed in the genuine process of payment, right?

Disabling javascript very often causes such a webpage to malfunction. You are correct.

Krebs: "For instance, it’s not uncommon when you’re shopping online to come across a site that won’t let you submit data without fully allowing JavaScript."

Being ultra-proactive, picky about which sites you purchase from online doesn't truly minimize the risk of such attacks. There is very little that you can do except to set up your credit card with minimal funds and also verification\authorization of purchases. You can also use a credit card that will reimburse in the case of fraud.
 

Dirk41

This is really crappy news. Looks like it means from the consumer's point of view, there's no such thing as a secure shopping website? Would the special shopping browsers that Panda and BitDefender and some other companies have be useless against this?


Yeah, I never tried them. Interesting question.
 

conceptualclarity

From "RiskIQ Research: Compromised eCommerce Sites Lead to Web-Based Keyloggers"

We recommend the following considerations for consumers:

● Carefully consider the online retailers whose sites you visit and to whom you submit payment data. Understand that at any given time, a portion of online retailers are compromised and present a risk that’s unknown to site owners. Without a high level of visibility and knowledge about attack techniques, it may be difficult to discern high-risk sites. Attempt to do business with merchants you believe are trustworthy and go to great lengths to protect customer data.

● Maintain secure configurations on all computers used to carry out online purchases. Any system used for online banking or eCommerce must be a known good or trusted endpoint. This applies to desktops, laptops, tablets, mobile phones, and even virtual machines. Public systems and kiosks should be avoided! Operating system and all application security updates should be up to date. Other security controls may be utilized to address specific risks, such as antivirus software or other endpoint solutions.

● An effective control that can prevent attacks such as Magecart is the use of web content whitelisting plugins such as NoScript (for Mozilla’s Firefox). These types of add-ons function by allowing the end user to specify which websites are “trusted” and prevents the execution of scripts and other high-risk web content. Using such a tool, the malicious sites hosting the credit card stealer scripts would not be loaded by the browser, preventing the script logic from accessing payment card details.

But this is a problem because we have sites that are rendered "malicious" not by the owners but by covert third parties. What if a good site you have "trusted" on NoScript is injected with a keylogger?

May be time for the old 1-800 number to come back in style.
 

Solarquest

Some AV vendors have released in their security suites what they call "Safe Browsers", a kind of secure browser which includes their AV technology to protect you online. Should this protect users from this kind of threat?
I hope to be wrong, but since these attacks are web-based and the AV browser is "local", I doubt they would protect if JavaScript is allowed.
 

conceptualclarity

What do you think about using NoScript extension to prevent that?

@tim one: Well it's useful actually since NoScript can detect clickjacking attacks that can lure you to steal important information to you.

I see NoScript in action for that.

That's good. But again it looks as though if a good site you have "trusted" on NoScript is injected with a keylogger, you're in trouble.

Anybody else want to comment on the secure shopping/banking browsers of the AV companies in this situation? (I believe most are available as freestanding freeware.)

1-800 looks better and better.
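
Added example, not part of any post in this thread and not code from RiskIQ or NoScript: a simplified model of the per-host script allowlisting described in the quoted RiskIQ recommendation, run over a constructed checkout page. It shows the gap raised above: a script from an unknown host is blocked, while code injected inline into a site the user already trusts is allowed. The host names, page markup and function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed checkout page (not taken from the report): one first-party
# script, one script from an unknown host, and one inline script block.
PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://static.unknown-host.example/lib.js"></script>
<script>/* constructed: code injected into the trusted page itself */</script>
</head><body><form><input name="cc_number"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect (kind, host) for every <script> element on the page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # Resolve relative URLs against the page to get the serving host.
            host = urlparse(urljoin(self.page_url, src)).hostname
            self.scripts.append(("external", host))
        else:
            # Inline code runs with the page's own origin.
            self.scripts.append(("inline", urlparse(self.page_url).hostname))

def allowlist_decisions(html, page_url, trusted_hosts):
    """Return [(kind, host, allowed)] under a per-host script allowlist."""
    collector = ScriptCollector(page_url)
    collector.feed(html)
    return [(kind, host, host in trusted_hosts)
            for kind, host in collector.scripts]

if __name__ == "__main__":
    for kind, host, allowed in allowlist_decisions(
            SAMPLE_HTML, PAGE_URL, {"shop.example"}):
        print(f"{'ALLOW' if allowed else 'BLOCK'}  {kind:8}  {host}")
```

With only `shop.example` trusted, the unknown host is blocked but both the first-party file and the inline block are allowed, so an allowlist keyed on host cannot tell a compromised trusted site from a clean one.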
 