Sophisticated Payment Card Skimming Campaign Conceals Itself by Leveraging Stripe API
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A newly discovered payment card skimming campaign uses advanced techniques to evade detection. The attack exploits Stripe's deprecated API to verify card details before exfiltration, so that only valid payment information is stolen while the customer experience remains seamless. The multi-stage attack begins with a compromised first-party script that targets checkout pages. The attackers then remove the legitimate Stripe payment elements, inject visually identical but attacker-controlled elements in their place, and capture payment details. The stolen data is validated through Stripe's API before being exfiltrated to an unidentified malicious domain. This approach lets the attack operate seamlessly, making detection extremely challenging for both users and security researchers.
OPENCTI LABELS :
form manipulation, client-side attacks, checkout page targeting, payment card skimming, stripe api, e-commerce security, api exploitation, card validation