Crafty Web Skimming Domain Spoofs “https”

2020-03-12 00:28

While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site's source code: "Http[.]ps". This crafty domain was hidden inside the checkout and login pages for grandwesternsteaks.com, a meat delivery service owned by Cheney Bros.

Ps domain is hosted in Russia, and sits on a server with one other malicious domain - autocapital[.

Pw. According a Mar. 3 Twitter post by security researcher and blogger Denis Sinegubko, the autocapital domain acts as a collector of data hoovered up by the http[.

Ps" bit of the malicious skimming domain refers to the country code top-level-domain for the State of Palestine.

If you run an e-commerce Web site, it would be a great idea to read up on leveraging Content Security Policy response headers and Subresource Integrity security features offered by modern Web browsers.

News URL

https://krebsonsecurity.com/2020/03/crafty-web-skimming-domain-spoofs-https/

#http #https #WEB