CERT-In issues warning about a credit card skimming campaign that is targeting e-commerce websites
The Indian Computer Emergency Response Team (CERT-In) has issued a public warning about a credit card skimming campaign that is targeting sports, health and e-commerce websites. CERT-In explained in an official post that hackers are targeting websites that are hosted on Microsoft's IIS server that is running on the ASP.NET web application framework.
The problem that these attackers are exploiting lies with version 4.0.30319 of ASP.NET which is no longer officially supported by Microsoft and contains a host of vulnerabilities which makes it easy for hackers to break in.
In the advisory, CERT-In has asked these websites using ASP.NET web framework and IIS server to update to the latest version and conduct audits of web application, server and database server. CERT-In has also asked these sites to check web server directories regularly to keep an eye out for malicious web shell files and make sure they are removed before they can be exploited.
ASP.NET is a web application framework widely used by websites running shopping cart applications. The compromised websites found by Malwarebytes Labs all had a shopping cart feature that was exploited.
While CERT-IN's warning was specific to websites that were using the outdated web server framework, another instance of attackers using malware to target mobile apps to steal card details has also been spotted this year.
A cybersecurity firm called ThreatFabric recently detected a new malware called BlackRock which has targeted over 337 Android apps and is still rampant.
BlackRock uses overlays and keylogger functionality over legitimate apps to steal credit card details and get access to the apps.