A sophisticated web skimming campaign targeting major payment networks has been active since January 2022, affecting enterprise organizations and e-commerce sites. The attack employs obfuscated JavaScript to steal credit card and personal information, evading detection through detection checks and fake payment forms. #Magecart #StarkIndustries
Keypoints
- The campaign targets payment networks like American Express, Mastercard, and UnionPay, primarily impacting enterprise clients.
- Malicious JavaScript payloads are hosted on suspicious domains linked to banned hosting providers such as Stark Industries and THE[.]Hosting.
- The skimmer detects WordPress admin interfaces and hides itself by removing traces if it recognizes admin tools.
- Fake Stripe payment forms are displayed to trick users into entering sensitive credit card details, which are then exfiltrated.
- The attack veils its activity by deleting its traces from the webpage and using obfuscated code to evade detection.
Read More: https://thehackernews.com/2026/01/long-running-web-skimming-campaign.html