Quick Hits

Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET

The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.

A credit-card skimmer is exclusively targeting websites that are hosted on Microsoft IIS servers and running ASP.NET, the company's web framework for developing web applications and services.

Malwarebytes Lab researchers found more than a dozen websites compromised with malicious code injected into one of their existing JavaScript libraries. The campaign likely started in April 2020 and has affected a range of victims, including sports organizations, health and community associations, and a credit union.

Attackers don't seem to be targeting a specific JavaScript library, the researchers say, and their code sometimes takes different forms. All victim websites were running ASP.NET version 4.0.30319, which the researchers note is no longer officially supported and contains multiple flaws. 

ASP.NET is less common than PHP but still accounts for "a sizeable market share" and includes websites with shopping-cart applications, according to a blost post by Jerome Segura, head of threat intelligence. All of the victim websites had shopping portals, which were the attackers' target. The skimmer is built to look for credit-card numbers and passwords; however, the password-seeking method "appears to be incorrectly implemented," he wrote.

Read more details here.

Edgepromohorizontal.jpg Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "The Entertainment Biz Is Changing, but the Cybersecurity Script Is One We've Read Before."