Europol, in cooperation with the European Union Agency for Cybersecurity (ENISA) and law enforcement authorities from 17 countries identified hundreds of online merchants infected with credit card skimmers as part of an effort aimed at combating the rising threat of digital skimming attacks.
Over the course of a two-month operation, the alliance, supported by national Computer Security Incident Response Teams (CSIRT), has notified 443 online merchants about the compromise of their customers' credit card and payment card data.
Digital skimming is a type of cybercrime where perpetrators steal sensitive payment information during the online checkout process, has become a rampant issue affecting online businesses worldwide. The criminals employ sophisticated information technology, known as JavaScript sniffers or JS-sniffers, to intercept data without alerting either the customers or the online merchants.
During the operation, 23 families of JS-sniffers were detected and identified. Some of the identified families include ATMZOW, health_check, FirstKiss, FakeGA, AngryBeaver, Inter, and R3nin. These families of JS-sniffers were found to be compromising the security of various online platforms, putting the financial information of countless users at risk.
Earlier this month, security researchers at Sucuri spotted a Magecart campaign that leveraged a malicious WordPress plugin capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information.
