Nearly 50 online merchants have already been compromised in intrusions exploiting Stripe's legacy application programming interface "api.stripe[.]com/v1/sources" for payment data validation, as part of an advanced web skimmer campaign that has been underway since August, according to The Hacker News.

Attacks may have begun with the compromise of vulnerable WordPress, WooCommerce, and PrestaShop instances to inject a malicious script that deploys a next-stage payload redirecting to the skimmer script, which both conceals the legitimate Stripe iframe and mimics the 'Place Order' button, a report from Jscrambler showed. Additional analysis of the skimmer scripts revealed spoofing of the Square payment form, as well as the inclusion of cryptocurrency-based payment options, Jscrambler researchers noted. "This sophisticated web skimming campaign highlights the evolving tactics attackers use to remain undetected. And as a bonus, they effectively filter out invalid credit card data, ensuring that only valid credentials are stolen," the researchers added.
The sophisticated attack utilizes Google Tag Manager (GTM) and Stripe domains, which are implicitly trusted by e-commerce sites, allowing the malicious code to bypass security measures.