Stripe API Skimming Campaign: Additional Victims & Insights

· Published 03/04/2025 22:07 · Modified 04/04/2025 09:04

Essential information

Tags
2025-04-03 client-side security e-commerce javascript injection payment fraud stripe api web skimming woocommerce wordpress
Related entities
2 observables, 9 techniques (mitre), 12 others

Description

A sophisticated campaign has been discovered, utilizing a legacy to validate stolen payment details before exfiltration. The attack involves multiple stages, including malicious loader injection, decoding, and skimming. Jscrambler's research team identified 49 affected merchants and uncovered additional domains potentially involved in the campaign. The skimmers are tailored for each targeted site and exploit vulnerabilities in platforms. The attackers employ minimal obfuscation and transmit stolen data without encryption. The campaign has been active since August 2024, primarily targeting and sites. To protect against such attacks, merchants are advised to implement real-time webpage monitoring and adopt hardened iframe implementations.

External references