Security News > 2021 > February > Malicious script steals credit card info stolen by other hackers
A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer.
Credit card skimmers are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming attacks.
"The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer," Malwarebytes' Head of Threat Intelligence Jérôme Segura explains in a report shared in advance with Bleeping Computer.
The threat actors' efforts to get their hands on the online store's customer financial info did not stop there: they also deployed a second version of their skimmer designed to inject payment form fields that closely mimic the shop's legitimate payment processor.
The second threat actor loaded the custom card skimmers from securityxx[.
Malwarebytes notified Costway that their stores were compromised and infected with credit card skimmers but their costway[.