Multi-platform card skimmer found on Shopify, BigCommerce stores
2020-12-28 09:21

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zen Cart, and WooCommerce.

As researchers at Dutch cyber-security company Sansec found, this new skimmer can also abuse hosted e-commerce systems such as Shopify and BigCommerce, even though these platforms do not provide support for custom checkout page scripts.

To evade detection and avoid raising any alarms, the skimmer will also throw an error after customers hit the "Proceed" button to submit their credit card information.

Another interesting technique used by this skimmer is the way it exfiltrates data: it sends it to automatically generated domains that are based on a counter and encoded using base64.

The Sansec researchers found a credit card stealer script hidden in plain sight using CSS code to avoid getting discovered, web skimming malware able to camouflage itself as SVG social media buttons, and an almost impossible to get rid of credit card stealer bundling a persistent backdoor.


News URL

https://www.bleepingcomputer.com/news/security/multi-platform-card-skimmer-found-on-shopify-bigcommerce-stores/