Crafty Web Skimming Domain Spoofs “https”
2020-03-12 00:28

While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site's source code: "http[.]ps". This crafty domain was hidden inside the checkout and login pages for grandwesternsteaks.com, a meat delivery service owned by Cheney Bros.

The http[.]ps domain is hosted in Russia, and sits on a server with one other malicious domain - autocapital[.]pw. According to a Mar. 3 Twitter post by security researcher and blogger Denis Sinegubko, the autocapital domain acts as a collector of data hoovered up by the http[.]ps [...]

The "ps" bit of the malicious skimming domain refers to the country code top-level-domain for the State of Palestine.

If you run an e-commerce Web site, it would be a great idea to read up on leveraging Content Security Policy response headers and Subresource Integrity security features offered by modern Web browsers.
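
As an added illustration (not code from the original article), the sketch below audits a page's external `<script>` tags the way a CSP `script-src` allow-list and Subresource Integrity would constrain them, and also flags hosts whose first label looks like a URL scheme, which is the trick that lets http[.]ps blend into source code. The sample HTML, the allow-list, the `cdn.example.com` host and all function names are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout-page sample; only the http.ps host comes from the article.
SAMPLE_CHECKOUT_HTML = """
<script src="/js/cart.js"></script>
<script src="https://cdn.example.com/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.example.com/widget.js"></script>
<script src="//http.ps/constructed.js"></script>
"""

# Hypothetical allow-list: the hosts a script-src CSP directive would name.
ALLOWED_SCRIPT_HOSTS = {"cdn.example.com"}
# Host labels that read like a URL scheme when skimming source by eye.
SCHEME_LABELS = {"http", "https", "ftp", "ws", "wss"}


class ScriptAudit(HTMLParser):
    """Collect (src, issues) for every external <script> that needs review."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src")
        if tag != "script" or not src:
            return
        host = (urlparse(src).hostname or "").lower()
        if not host:  # relative URL: same origin, covered by CSP 'self'
            return
        issues = []
        if host not in self.allowed:
            issues.append("host-not-in-csp-allowlist")
        if not attrs.get("integrity"):
            issues.append("missing-sri")
        if host.split(".")[0] in SCHEME_LABELS:
            issues.append("host-looks-like-url-scheme")
        if issues:
            self.findings.append((src, issues))


def audit_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (script src, [issue, ...]) for the given HTML."""
    parser = ScriptAudit(allowed_hosts)
    parser.feed(html)
    return parser.findings
```

A script from a host outside the allow-list is what a `script-src` policy would block in the browser; a missing `integrity` attribute means a tampered file from an allowed host would still load.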


News URL

https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/