Tag: e-commerce

9 Attack Reports | 0 Vulnerabilities

Attack reports

Stripe API Skimming Campaign: Additional Victims & Insights

A sophisticated web skimming campaign has been discovered, utilizing a legacy Stripe API to validate stolen payment details before exfiltration. The attack involves multiple stages, including malicious loader injection, decoding, and skimming. Jscrambler's research team identified 49 affected merch…
wordpress
e-commerce
javascript injection
web skimming
payment fraud
stripe api
woocommerce
2025-04-03
client-side security
Published: April 3, 2025
Downloadable IOCs: 2

Credit Card Skimmer and Backdoor on WordPress E-commerce Site

A sophisticated malware attack targeting WordPress WooCommerce sites was discovered, involving multiple components: a credit card skimmer, a hidden backdoor file manager, and a reconnaissance script. The attack focused on financial gain and long-term control. The skimmer, injected into the checkout…
backdoor
obfuscation
javascript
wordpress
reconnaissance
php
credit card skimmer
e-commerce
2025-03-15
woocommerce
Published: March 15, 2025
Downloadable IOCs: 0

Valentine's Day Cyber Attack Landscape: Exploiting Love Through Digital Deception

Valentine's Day 2025 has become a focal point for sophisticated cybersecurity threats, with attackers exploiting emotional vulnerabilities and seasonal shopping behaviors. A complex network of scams has emerged, including OAuth-based phishing, brand impersonation, and cryptocurrency fraud. These th…
phishing
social engineering
cryptocurrency
financial fraud
social media
e-commerce
brand impersonation
oauth
2025-02-15
valentine's day
Published: February 15, 2025
Downloadable IOCs: 0

Green Bay Packers' online store hacked to steal credit cards

A threat actor breached the Green Bay Packers' official online retail store in October, injecting a card skimmer script to steal customers' personal and payment information. The attack, discovered on October 23, 2024, targeted the packersproshop.com website. The malicious code, inserted in the chec…
data breach
e-commerce
credit card theft
2025-01-07
card skimmer
content security policy bypass
Published: January 7, 2025
Downloadable IOCs: 0

Sophisticated Google Domain Exploitation Chain Unleashed

A sophisticated attack chain targeting e-commerce payment flows has been exposed, leveraging trusted Google domain requests to execute malicious code. The attack exploits Google's domain reputation to bypass security filters, chains multiple legitimate services for persistence, and blends malicious…
e-commerce
javascript injection
2025-01-01
google domain exploitation
Published: January 1, 2025
Downloadable IOCs: 3

Unwrapping the AIZ—Aggressive Inventory Zombies—Retail & Crypto Phishing Network Campaign

A large-scale phishing campaign targeting retail brands and cryptocurrency users has been uncovered. The campaign, dubbed 'Aggressive Inventory Zombies' (AIZ), initially impersonated Etsy but expanded to target major retailers like Amazon, BestBuy, and eBay. The threat actor uses a popular website …
phishing
impersonation
e-commerce
2024-12-13
retail
Published: December 13, 2024
Downloadable IOCs: 59

Financially Motivated Chinese Threat Actor SilkSpecter Targeting Black Friday Shoppers

A Chinese financially motivated threat actor, dubbed SilkSpecter, has been uncovered targeting e-commerce shoppers in Europe and USA with a phishing campaign leveraging Black Friday discounts. The actor uses fake discounted products as lures to steal Cardholder Data, Sensitive Authentication Data, …
phishing
financial fraud
e-commerce
chinese threat actor
2024-11-14
oemapps
black friday
google translate
stripe
Published: November 14, 2024
Downloadable IOCs: 13

Malware Steals Account Credentials

A malicious script targeting e-commerce sites, particularly Magento, has been discovered. The script, found in the dataPost.js file, is heavily obfuscated and designed to steal customer account credentials and admin login details. It waits for login actions to trigger, then scrapes data entered int…
obfuscation
credential theft
magento
e-commerce
2024-11-09
account hijacking
admin access
Published: November 9, 2024
Downloadable IOCs: 0

Hundreds of online stores hacked in new campaign

A cybersecurity report details a malware campaign targeting numerous e-commerce websites running the popular Magento platform. Threat actors exploited a vulnerability to inject malicious code that skims payment data from online shoppers during checkout. The skimmer code is loaded from attacker-cont…
injection
fraud
2024-08-23
magento
skimming
payment
e-commerce
Published: August 23, 2024
Downloadable IOCs: 15
Click here to see more Attack Reports