Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "Custom script editors are popular with bad actors because they allow for external third party (and malicious) JavaScript and can easily pretend to be benign by leveraging naming conventions that match popular scripts like Google Analytics or libraries like JQuery," security researcher Matt Morrow said. The bogus Meta Pixel tracker script identified by the web security company contains similar elements as its legitimate counterpart, but a closer examination reveals the addition of JavaScript code that substitutes references to the domain "connect.facebook[.]net" with "b-connected[.]com." While the former is a genuine domain linked to the Pixel tracking functionality, the replacement domain is used to load an additional malicious script ("fbevents.js") that monitors if a victim is on a checkout page, and if so, serves a fraudulent overlay to grab their credit card details. It's worth noting that "b-connected[.]com" is a legitimate e-commerce website that has been compromised at some point to host the skimmer code. What's more, the information entered into the fake form is exfiltrated to another compromised…Read More
References
Back to Main