CERT-In issues warning about a credit card skimming campaign that is targeting e-commerce websites

    These skimmer codes that are being injected to JavaScript libraries are designed to steal not just credit card information, but also passwords.
    By: HT TECH
    | Updated on: Aug 20 2022, 22:01 IST
    CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft’s IIS server that is running on the ASP.NET web application framework.
    CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft’s IIS server that is running on the ASP.NET web application framework. (Pixabay)
    CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft’s IIS server that is running on the ASP.NET web application framework.
    CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft’s IIS server that is running on the ASP.NET web application framework. (Pixabay)

    The Indian Computer Emergency Response Team (CERT-In) has issued a public warning about a credit card skimming campaign that is targeting sports, health and e-commerce websites. CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft's IIS server that is running on the ASP.NET web application framework.

    The problem that these attackers are exploiting lies with version 4.0.30319 of ASP.NET which is no longer officially supported by Microsoft and contains a host of vulnerabilities which makes it easy for hackers to break in.

    In the advisory, CERT-In has asked these websites using ASP.NET web framework and IIS server to update to the latest version and conduct audits of web application, server and database server. CERT-In has also asked these sites to check web server directories regularly to keep an eye out for malicious web shell files and make sure they are removed before they can be exploited.

    CERT-In referred to a recent Malwarebytes Labs report that discovered a known vulnerability, CVE-2017-9248, for ASP.NET that has been exploited recently to steal credit card details. Researchers at Malwarebytes Labs found over a dozen sites that have been compromised with malicious code injected into legitimate JavaScript libraries.

    ASP.NET is a web application framework widely used by websites running shopping cart applications. The compromised websites found by Malwarebytes Labs all had a shopping cart feature that was exploited.

    These skimmer codes that are being injected to JavaScript libraries are designed to steal not just credit card information, but also passwords. Malwarebytes Labs pointed out that this skimming campaign started sometime in April this year when online transactions and payments were at high thanks to Covid-19 lockdowns.

    While CERT-IN's warning was specific to websites that were using the outdated web server framework, another instance of attackers using malware to target mobile apps to steal card details has also been spotted this year.

    A cybersecurity firm called ThreatFabric recently detected a new malware called BlackRock which has targeted over 337 Android apps and is still rampant.

    BlackRock uses overlays and keylogger functionality over legitimate apps to steal credit card details and get access to the apps.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 18 Jul, 18:20 IST
    Tags:
    NEXT ARTICLE BEGINS
    keep up with tech