Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API

· Published 21/02/2025 05:58 · Modified 21/02/2025 15:30

Essential information

Published
21/02/2025 05:58
Modified
21/02/2025 15:30
Tags
2025-02-21, api exploitation, card validation, checkout page targeting, client-side attacks, e-commerce security, form manipulation, payment card skimming, stripe api

Description

A newly discovered payment card skimming campaign demonstrates advanced techniques for evading detection. The attack uses a deprecated Stripe API to verify card details before exfiltration, so that only valid payment information is stolen while the customer experience remains uninterrupted. The multi-stage compromise begins with a compromised first-party script that targets checkout pages. The attackers then remove the legitimate Stripe payment elements, inject visually identical but attacker-controlled elements in their place, and capture the payment details entered into them. The stolen data is validated through Stripe's API before being exfiltrated to an unidentified malicious domain. Because the checkout still completes normally, the attack operates seamlessly and is extremely difficult to detect for both users and security researchers.
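The element-swap step described above (legitimate Stripe elements removed, look-alike elements injected) leaves a detectable footprint in the host page. The following is an added defender-side example, not code from the original report or from Stripe: it audits a checkout page for payment iframes that are not served from Stripe's script host and for raw card-number inputs sitting directly in the host document, and re-runs that audit whenever the payment container's DOM changes. It assumes that Stripe Elements render their card fields inside iframes served from `https://js.stripe.com` and that the merchant page wraps its payment form in one known container; the container id, report function, and input-name heuristic are hypothetical.

```javascript
// Added example (not from the original page). Heuristic integrity audit for a
// checkout page that uses Stripe Elements. Assumptions: Stripe-rendered card
// fields live in iframes whose origin is https://js.stripe.com, so any other
// payment frame, or any card-number <input> reachable in the host document,
// indicates a swapped or injected payment form. Ids and the report sink are
// hypothetical placeholders.

const TRUSTED_FRAME_ORIGIN = "https://js.stripe.com";

// Host-document inputs that look like card-number fields. Stripe Elements keep
// these inside cross-origin iframes, so seeing one in the host DOM is suspicious.
const CARD_FIELD_PATTERN = /(card[-_ ]?number|cc[-_]?num|cardnumber)/i;

// Pure audit over frame descriptors ({ src }) so it can run outside a browser.
function auditPaymentFrames(frames, trustedOrigin = TRUSTED_FRAME_ORIGIN) {
  const findings = [];
  for (const frame of frames) {
    let origin = null;
    try {
      origin = new URL(frame.src).origin;
    } catch (e) {
      origin = null; // relative, blank or malformed src: treat as untrusted
    }
    if (origin !== trustedOrigin) {
      findings.push({
        kind: "untrusted-payment-frame",
        src: frame.src,
        reason: "payment iframe not served from " + trustedOrigin,
      });
    }
  }
  return findings;
}

// Pure audit over input descriptors ({ name, autocomplete }) from the host document.
function auditCardInputs(inputs) {
  const findings = [];
  for (const input of inputs) {
    const name = input.name || "";
    const autocomplete = input.autocomplete || "";
    if (autocomplete === "cc-number" || CARD_FIELD_PATTERN.test(name)) {
      findings.push({
        kind: "host-page-card-input",
        name: name,
        reason: "card-number input present in host document instead of a Stripe iframe",
      });
    }
  }
  return findings;
}

// Combine both checks; returns the full list of findings (empty when clean).
function auditCheckout(frames, inputs) {
  return auditPaymentFrames(frames).concat(auditCardInputs(inputs));
}

// Browser wrapper: collect descriptors from the live DOM and re-audit on changes.
// `containerId` and `report` are hypothetical; `report` would typically send
// findings to the site's own telemetry endpoint.
function installCheckoutWatchdog(containerId, report) {
  if (typeof document === "undefined" || typeof MutationObserver === "undefined") {
    return null; // not running in a browser
  }
  const container = document.getElementById(containerId);
  if (!container) return null;

  const runAudit = () => {
    const frames = Array.from(container.querySelectorAll("iframe")).map((f) => ({ src: f.src }));
    const inputs = Array.from(container.querySelectorAll("input")).map((i) => ({
      name: i.name,
      autocomplete: i.autocomplete,
    }));
    const findings = auditCheckout(frames, inputs);
    if (findings.length > 0) report(findings);
  };

  const observer = new MutationObserver(runAudit);
  observer.observe(container, { childList: true, subtree: true, attributes: true });
  runAudit(); // baseline audit at install time
  return observer;
}

// Constructed sample: one genuine Stripe frame, one injected look-alike frame,
// and one card-number input placed directly in the host page.
const SAMPLE_FRAMES = [
  { src: "https://js.stripe.com/v3/elements-inner-card-placeholder.html" },
  { src: "https://cdn.example.invalid/checkout/card.html" },
];
const SAMPLE_INPUTS = [
  { name: "email", autocomplete: "email" },
  { name: "cardnumber", autocomplete: "cc-number" },
];

function sampleFindings() {
  return auditCheckout(SAMPLE_FRAMES, SAMPLE_INPUTS);
}
```

`installCheckoutWatchdog("payment-container", sendToTelemetry)` would wire this into a real page; the observer fires on the removal and re-insertion of nodes that the campaign relies on, which is exactly when the swapped form appears. The audit is a heuristic: a site that legitimately embeds a non-Stripe payment frame or a raw card field must add it to the allow list before deploying.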

External references