Security News > 2022 > May > Microsoft: Credit card stealers are getting much stealthier
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code.
Skimming gangs obfuscate their code snippets, inject them into image files, and masquerade them as popular web applications to evade detection.
Payment card skimming is a web-based attack where hackers inject malicious JavaScript code onto e-commerce websites by exploiting a vulnerability on the underlying platform or poor security practices.
The code is activated when the site visitor reaches the checkout page and proceeds to enter their credit or debit card details to pay for the placed order.
Microsoft's analysis revealed that those scripts don't just load the card skimmers but also feature anti-debugging mechanisms but couldn't deobfuscate them to the level required for more details on that function.
Common characteristics among all payment card skimmers include the presence of base64-encoded strings and the "Atob()" JavaScript function on compromised webpages.