Skimming is not a new word to the cybersecurity industry. Earlier, skimming referred to stealing payment data from ATMs by attaching a physical ‘skimmer’ to ATMs. Now, with the evolving payment landscape, skimming has also been evolving into online skimming and targeting e-commerce sites.
Online skimming is an adverse activity of stealing payment information from e-commerce websites by infecting specific sites with sniffers/ Java Script sniffers. Once the malware is injected, it is very hard to detect the traces of it on the website. JS skimmers work as independent teams, develop their malicious JS skimming code, and sell it to the highest bidder in the dark web.
The cyberattack after infecting 17000 websites, evolved into an even more sophisticated data-stealing activity. Again, in September 2019, eTD found a new JS skimmer with many novel features.