Online payment firms subjected to extended web skimming attack

Online payment firms in North and Latin America and the Asia Pacific have been targeted for over a year by the Silent Skimmer campaign, which sought to exfiltrate sensitive payment data from checkout pages, The Hacker News reports. Attributed to Chinese-speaking attackers, Silent Skimmer involved the exploitation of web app vulnerabilities followed by the use of various living-off-the-land techniques and open-source tools for further compromise, according to a report from the BlackBerry Research and Intelligence Team. The threat actors then distributed a PowerShell-based remote access trojan aimed at compromising web servers and facilitating stealthy financial data theft from payment checkout pages. Researchers also found that the virtual private servers leveraged in the web skimmer campaign were chosen according to victims' geolocation in a bid to avoid detection. "The attacker focuses predominantly on regional websites that collect payment data, taking advantage of vulnerabilities in commonly used technologies to gain unauthorized access and retrieve sensitive payment information entered into or stored on the site," said researchers.
