Security News

Hackers are hijacking online stores to display modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers. These payment forms are shown as a modal, HTML content overlayed on top of the main webpage, allowing the user to interact with login forms or notification content without leaving the page.

A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. To evade detection, the threat actors are now injecting malicious scripts directly into the site's payment gateway modules used to process credit card payments on checkout.

A carding marketplace known as BidenCash has leaked online a free database of 2,165,700 debit and credit cards in celebration of its first anniversary. According to Cyble researchers who first spotted it, the leaked information is extensive, with details on "At least 740,858 credit cards, 811,676 debit cards, and 293 charge cards."

New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC chips embedded in credit cards and mobile devices to conduct close-proximity payments via credit cards, smartphones, or even smartwatches.

A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased on dark web cybercrime marketplaces. According to the indictment shared in the U.S. Department of Justice announcement, Osagie purchased thousands of credit and debit card data from dark web markets.

The Liquor Control Board of Ontario, a Canadian government enterprise and the country's largest beverage alcohol retailer, revealed that unknown attackers had breached its website to inject malicious code designed to steal customer and credit card information at check-out.LCBO revealed on Wednesday that third-party forensic investigators found a credit card stealing script that was active on its website for five days.

Sadly, that's long merely in terms of time, not long in terms of technical complexity or the number of links in the chain itself. In the early 2010s, a web analytics company called Cockpit offered a free web marketing and analytics service.

According to a data breach notification shared with the Montana Attorney General's office, See Tickets discovered the breach in April 2021, when they started an investigation with the help of a forensics firm. After engaging with forensic experts and Visa, MasterCard, American Express, and Discover to investigate the incident further, See Tickets concluded on September 12, 2022, that unauthorized parties may have accessed customer credit card information.

Two point-of-sale malware variants have been put to use by a threat actor to steal information related to more than 167,000 credit cards from payment terminals. While a significant proportion of attacks aimed at gathering payment data rely on JavaScript sniffers stealthily inserted on e-commerce websites, PoS malware continues to be an ongoing, if less popular, threat.

Cybercriminals have used two strains of point-of-sale malware to steal the details of more than 167,000 credit cards from payment terminals. The security firm's threat intelligence unit identified the C2 server in April, and determined the operators stole payment info belonging to tens of thousands of credit card holders between February 2021 and September 8, 2022.