Attackers are improving their digital skimming techniques, using modal forms to fool cardholders.

Cybersecurity researchers at Malwarebytes have observed a Magecart (digital skimming) campaign whose attention to detail produces a polished "customer experience" that conceals its true function as a skimmer. The campaign reuses a previously documented skimmer known as "Kritec", but this group of infections ships a new, well-crafted user interface. When a customer reaches checkout on an infected merchant site, they are presented with a "modal" card payment form. A modal form appears on top of the existing page content and blurs the background rather than redirecting to a new page, which gives the checkout a more seamless feel. In this campaign the malicious modal is styled to match the merchant's branding, down to an animated brand icon, and outshines the merchant's legitimate, uninfected payment form. Once the customer submits card details into the malicious modal, they see a fake error message and are then redirected to the merchant's real payment form, where the order goes through normally; the only visible anomaly is that the card data has been entered twice, once into the skimmer and once into the genuine form. The researchers noted how well-designed the skimmer was and found similar examples on other merchant sites.

Why This Matters

Magecart attacks are not a new phenomenon; they persist because they keep working against an ever-growing volume of ecommerce business. The criminals who infect merchants with digital skimming code are constantly refining their techniques. A website can be infected through many different vectors, but a common one is the exploitation of unpatched, out-of-date software, whether the merchant's ecommerce platform, its plugins, or a third-party script the checkout page loads. Even as Magecart techniques improve, PCI DSS compliance remains an effective baseline for merchants: PCI DSS v4.0 in particular requires that every script running on a payment page be inventoried and authorized (requirement 6.4.3) and that change and tamper detection be in place for payment pages as received by the consumer's browser (requirement 11.6.1), which are exactly the controls that would surface an injected modal form. Keeping software up to date, using multi-factor authentication on administrative access, and holding third-party vendors to high security standards remain critical to defending against Magecart.

How Can RiskRecon Help

RiskRecon by Mastercard can help you continuously and objectively monitor how each of your third-party vendors implements and operates its cybersecurity risk management program. As this latest attack technique shows, speed and frequency are essential in assessing risk today: as new threats are observed, you need to be able to quickly assess and manage your exposure. Manual spreadsheets and periodic surveys can't deliver the hard data needed to manage risk proactively. Leverage RiskRecon to achieve better risk outcomes and modernize your TPRM program to withstand emerging threats.

Request a Demo TODAY.