Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
Threat actors use the stolen data to perform unauthorized transactions, such as online purchases, or resell them to other cybercriminals on dark web marketplaces.
These attacks can go undetected for weeks or even several months, and depending on the popularity of the breached e-commerce platforms, cybercriminals can collect large numbers of payment card details.
Coordinated by Europol and spearheaded by Greece, a two-month international operation involving law enforcement from 17 countries and private entities such as Group-IB and Sansec identified skimmer infections on 443 websites.
“With the support of national Computer Security Incident Response Teams (CSIRT), the two-month action has enabled Europol and its partners to notify 443 online merchants that their customers’ credit card or payment card data had been compromised,” explained Europol.
The above families are known for elusive behavior, such as abusing Google Tag Manager to update their malicious code snippets and mimicking Google Analytics code to dodge detection during website code inspections.
For more information on the threat of digital skimming, online merchants are recommended to consult this guide from Europol.
This action comes at a critical moment as online shopping activity spikes during the holiday season.
Using digital payment methods or one-time private cards can help minimize the likelihood of having payment card details stolen.
It is also advisable to scrutinize credit card statements for unauthorized charges, which can help alert if a card has been compromised.