https://krebsonsecurity.com/2018/11/whos-in-your-online-shopping-cart/
By Brian Krebs
Krebs on Security
November 4, 2018
Crooks who hack online merchants to steal payment card data are constantly
coming up with crafty ways to hide their malicious code on Web sites. In
Internet ages past, this often meant obfuscating it as giant blobs of
gibberish text that was obvious even to the untrained eye. These days, a
compromised e-commerce site is more likely to be seeded with a tiny
snippet of code that invokes a hostile domain which appears harmless or
that is virtually indistinguishable from the hacked site's own domain.
Before going further, I should note that this post includes references to
domains that are either compromised or actively stealing user data.
Although the malcode implanted on these sites is not designed to foist
malicious software on visitors, please be aware that this could change at
a moment's notice. Anyone seeking to view the raw code on sites referenced
here should proceed with caution; using an online source code viewer like
this one can let readers safely view the HTML code on any Web page without
actually rendering it in a Web browser.
As its name suggests, asianfoodgrocer-dot-com offers a range of
comestibles. It also currently includes a spicy bit of card-skimming code
that is hosted on the domain zoobashop-dot-com. In this case, it is easy
to miss the malicious code when reviewing the HTML source, as it fits
neatly into a single, brief line of code.
Zoobashop is also a presently hacked e-commerce site. Based in Accra,
Ghana, zoobashop bills itself as Ghana’s "largest online store." In
addition to offering great deals on a range of electronics and home
appliances, it is currently serving a tiny obfuscated script called
"js.js" that snarfs data submitted into online forms.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
