Security News > 2023 > April > Hackers swap stealth for realistic checkout forms to steal credit cards
Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers.
These payment forms are shown as a modal, HTML content overlayed on top of the main webpage, allowing the user to interact with login forms or notification content without leaving the page.
In a new report by Malwarebytes, MageCart skimmers are now hijacking legitimate online store's payment pages to show their own fake payment forms as modals to steal customers' credit cards.
Upon reaching the checkout page of the infected site, instead of being shown the site's payment form, the malicious script displays a modal that features the brand's logo, correct language, and elegant interface elements.
This fake payment form is designed to steal customers' credit card information and send it back to the hackers.
Once the buyers enter their details on the modal, it displays a bogus loader momentarily and then shows a fake error, redirecting the user to the real payment URL. However, in the background, the threat actors have already stolen all entered details, including the credit card number, expiration date, CVV number, and cardholder name.