Credit-Card Skimmer Seeks Websites Running Microsoft’s ASP.NET

The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.

A credit-card skimmer is exclusively targeting websites that are hosted on Microsoft IIS servers and running ASP.NET, the company’s web framework for developing web applications and services.

Malwarebytes Lab researchers found more than a dozen websites compromised with malicious code injected into one of their existing JavaScript libraries. The campaign likely started in April 2020 and has affected a range of victims, including sports organizations, health and community associations, and a credit union.

Attackers don’t seem to be targeting a specific JavaScript library, the researchers say, and their code sometimes takes different forms. All victim websites were running ASP.NET version 4.0.30319, which the researchers note is no longer officially supported and contains multiple flaws. 

ASP.NET is less common than PHP but still accounts for “a sizeable market share” and includes websites with shopping-cart applications, according to a blost post by Jerome Segura, head of threat intelligence. All of the victim websites had shopping portals, which were the attackers’ target. The skimmer is built to look for credit-card numbers and passwords; however, the password-seeking method “appears to be incorrectly implemented,” he wrote.

Read more details here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Recommended Reading:

More Insights

Read More HERE