Сredit card theft Scripts are evolving and becoming harder to detect due to new concealment tactics. The latest example is a web skimmer that uses CSS code to mix with the pages of a hacked store and to steal customers ‘ personal and billing information.


By hiding their payment information theft script in the CSS code, the creators of this skimmer successfully bypassed detection by automatic security scanners and avoided raising any flags even when checking during a manual security code audit.



This is because scanners don’t usually scan CSS files for malicious code, and anyone looking at a skimmer trigger script reading a custom property (variable) from a CSS page won’t take a second look at it. CSS files (cascading style sheets) allow websites to add style (such as fonts, colors, and spacing) to web documents using a set of rules.

This credit card skimmer (also known as the Magecart script) was discovered by researchers at the Dutch cybersecurity company Sansec on Tuesday in three different online stores. The web skimmer was still active in at least one store, as sansec told BleepingComputer today, but the company did not provide additional information due to the confidential nature of the data.


Since it was discovered, a CSS-based web skimmer has been used by the Magecart group, which has begun “experimenting” with increasingly advanced technologies to implement its malicious scripts and extract customer payment card information. This Magecart scenario will only run when customers of hacked e-Commerce sites start entering payment or personal information.

When customers click the checkout button on the order form, they are redirected to a new page that loads and analyzes malicious CSS code from attackers. The JavaScript parser / trigger script on the checkout page of the hacked online store will then load and execute the skimmer from the URL saved by the CSS code in the –script variable, which points to the Magecart script in cloud-iq.net a server controlled by hackers.


This tactic allows the Magecart group to hide their credit card theft in plain sight on any hacked e-Commerce website, as it will not be detected by any conventional methods. In the best case it will trigger the alarm only occasionally, as it happened, when Sansec first noticed it this week.


Online stores “should track all their data, not just executable files,” according to BleepingComputer. “This is a huge headache for e-Commerce managers. Today it’s CSS, tomorrow it will be static data somewhere else.”

Online shoppers have very little protection against Magecart attacks, where JavaScript-based scripts known as credit card skimmers are injected into the pages of compromised e-Commerce sites to extract their customers ‘ payment and personal data: “Consumers should choose a Bank that applies 2FA to every transaction” …

Leave a Reply

Your email address will not be published. Required fields are marked *

GPD Host Contacts
GPD Host Social
Pay with Confidence

Copyright © 2015 - 2020 GPD Host All right reserved.

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/blog.gpdhost.com/httpdocs/wp-includes/script-loader.php on line 2652