Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API
Feb. 21, 2025, 3:30 p.m.
Description
A new payment card skimming campaign has been discovered that uses advanced techniques to evade detection. The attack abuses Stripe's deprecated API to verify card details before exfiltration, so that only valid payment information is stolen while the customer experience remains seamless. The multi-stage attack begins with a compromised first-party script that targets checkout pages. The attackers then remove the legitimate Stripe payment elements, inject visually identical but compromised replacements, and capture payment details. The stolen data is validated through Stripe's API before being exfiltrated to an unidentified malicious domain. Because the attack operates seamlessly, detection is extremely challenging for both users and security researchers.
Tags
Date
- Created: Feb. 21, 2025, 5:58 a.m.
- Published: Feb. 21, 2025, 5:58 a.m.
- Modified: Feb. 21, 2025, 3:30 p.m.
Additional Information
- Retail
- Finance