Europol has informed more than 400 websites that their online stores have been compromised by malicious scripts that surreptitiously pilfer debit and credit card information from clients during the transaction process.
Skimmers are compact segments of JavaScript code that are inserted into checkout pages or retrieved from an external source in order to avoid being detected. These entities are specifically engineered to intercept and pilfer payment card details, including card numbers, expiration dates, verification numbers, names, and shipping addresses. Subsequently, the acquired information is uploaded to the servers controlled by the attackers.
Adversaries employ the pilfered information to carry out illicit operations, such as internet acquisitions, or vend them to fellow cyber malefactors on clandestine online marketplaces.
These attacks can remain unnoticed for extended periods, ranging from weeks to several months. The extent of the breach’s impact depends on the popularity of the targeted e-commerce sites, as thieves can amass significant quantities of payment card information.
Europol led a two-month international investigation, with Greece taking the lead, to identify skimmer infections on 443 websites. The operation involved law enforcement from 17 nations and corporate firms like Group-IB and Sansec.
Europol stated that, with the assistance of national Computer Security Incident Response Teams (CSIRT), they were able to inform 443 online businesses that the credit card or payment card information of their consumers had been breached during the two-month operation.