Credit-Card Skimmer Seeks Websites Running Microsofts ASP.NET

  /     /     /  
Publicated : 23/11/2024   Category : security


Credit-Card Skimmer Seeks Websites Running Microsofts ASP.NET


The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.



A credit-card skimmer is exclusively targeting websites that are hosted on Microsoft IIS servers and running ASP.NET, the companys web framework for developing web applications and services.
Malwarebytes Lab researchers found more than a dozen websites compromised with malicious code injected into one of their existing JavaScript libraries. The campaign likely started in April 2020 and has affected a range of victims, including sports organizations, health and community associations, and a credit union.
Attackers dont seem to be targeting a specific JavaScript library, the researchers say, and their code sometimes takes different forms. All victim websites were running ASP.NET version 4.0.30319, which the researchers note is no longer officially supported and contains multiple flaws. 
ASP.NET is less common than PHP but still accounts for a sizeable market share and includes websites with shopping-cart applications, according to a blost post by Jerome Segura, head of threat intelligence. All of the victim websites had shopping portals, which were the attackers target. The skimmer is built to look for credit-card numbers and passwords; however, the password-seeking method appears to be incorrectly implemented, he wrote.
Read more details
here
.
Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays featured story:
The Entertainment Biz Is Changing, but the Cybersecurity Script Is One Weve Read Before
.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security

▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security

▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Credit-Card Skimmer Seeks Websites Running Microsofts ASP.NET