Security News > 2021 > April > VISA: Hackers increasingly using web shells to steal credit cards
Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers.
Throughout the last year, VISA has seen a growing trend of web shells being used to inject JavaScript-based scripts known as credit card skimmers into hacked online stores in web skimming attacks.
"Throughout 2020, Visa Payment Fraud Disruption identified a trend whereby many eSkimming attacks used web shells to establish a command and controlduring the attacks," VISA said.
"PFD confirmed at least 45 eSkimming attacks in 2020 using web shells, and security researchers similarly noted increasing web shell use across the wider information security threat landscape."
As VISA PFD found, web shells were mostly used by Magecart threat actors to backdoor hacked online store servers and set up a command-and-control infrastructure that allowed them to exfiltrate the stolen credit card info.
"While the above tactics, techniques and procedures are not an exhaustive list of the various methods and exploits that attackers used in these web shell attacks, they are some of the leading methodologies identified," VISA added.