
Ongoing web skimmer campaign taps deprecated Stripe API

Nearly 50 online merchants have already been compromised in intrusions exploiting Stripe's legacy application programming interface "api.stripe[.]com/v1/sources" for payment data validation, as part of an advanced web skimmer campaign that has been underway since August, according to The Hacker News.

Attacks may have involved the initial compromise of vulnerable WordPress, WooCommerce, and PrestaShop instances to facilitate injection of a malicious script that deploys a next-stage payload redirecting to the skimmer script, which not only conceals the Stripe iframe but also mimics the 'Place Order' button, a report from Jscrambler showed. Additional analysis of the skimmer scripts revealed Square payment form spoofing, as well as the inclusion of cryptocurrency-based payment options, noted Jscrambler researchers. "This sophisticated web skimming campaign highlights the evolving tactics attackers use to remain undetected. And as a bonus, they effectively filter out invalid credit card data, ensuring that only valid credentials are stolen," added researchers.
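
For site owners, the two behaviours described above (calls to the legacy "/v1/sources" endpoint and a concealed Stripe iframe) can be checked against a recorded test checkout. The following is an added example, not code from Jscrambler or Stripe; the record field names, the `js.stripe.com` frame host, and all sample data are assumptions constructed for illustration.

```javascript
// Added example: audit a recorded test checkout for the two signals in the report.
// Assumed inputs: requests = [{url, initiator}], iframes = computed-style snapshots
// of the iframes inside the payment-field container only (any legitimately
// invisible helper frame elsewhere on the page would be flagged too).
const LEGACY_HOST = "api.stripe.com";
const LEGACY_PATH = "/v1/sources";
const STRIPE_FRAME_HOST = "js.stripe.com"; // assumption: host of the payment iframe

function parseUrl(raw) {
  try { return new URL(raw); } catch { return null; }
}

// Exact hostname match, so look-alike hosts such as api.stripe.com.<other> do not count.
function isLegacySourcesCall(raw) {
  const u = parseUrl(raw);
  if (!u || u.hostname !== LEGACY_HOST) return false;
  const path = u.pathname.replace(/\/+$/, "");
  return path === LEGACY_PATH || path.startsWith(LEGACY_PATH + "/");
}

function isHiddenStripeFrame(f) {
  const u = parseUrl(f.src);
  if (!u || u.hostname !== STRIPE_FRAME_HOST) return false;
  return f.display === "none" || f.visibility === "hidden" ||
    Number(f.opacity) === 0 || f.width === 0 || f.height === 0;
}

// usesLegacySources: set true only if the shop's own integration still calls the endpoint.
function auditCheckout(requests, iframes, { usesLegacySources = false } = {}) {
  const findings = [];
  for (const r of requests) {
    if (!usesLegacySources && isLegacySourcesCall(r.url)) {
      findings.push({ type: "legacy-sources-call", url: r.url, initiator: r.initiator });
    }
  }
  for (const f of iframes) {
    if (isHiddenStripeFrame(f)) findings.push({ type: "hidden-stripe-iframe", src: f.src });
  }
  return findings;
}

// Constructed sample data (not taken from the campaign).
const sampleRequests = [
  { url: "https://api.stripe.com/v1/payment_intents/pi_test/confirm", initiator: "https://js.stripe.com/v3/" },
  { url: "https://api.stripe.com/v1/sources?x=1", initiator: "https://cdn.example.invalid/a.js" },
  { url: "https://api.stripe.com.example.invalid/v1/sources", initiator: "https://cdn.example.invalid/a.js" },
];
const sampleFrames = [
  { src: "https://js.stripe.com/v3/frame.html", display: "none", visibility: "visible", opacity: "1", width: 300, height: 40 },
  { src: "https://js.stripe.com/v3/frame.html", display: "block", visibility: "visible", opacity: "1", width: 300, height: 40 },
];
```

The `initiator` of a flagged request points at the script to review first.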
