Stripe API Skimming Campaign Unveils New Techniques for Theft


A new skimming attack leveraging the Stripe API to steal payment information has been uncovered by cybersecurity researchers at Jscrambler.

The attack injects a malicious script into e-commerce checkout pages, where it intercepts and exfiltrates customer payment details in real time.

Unlike traditional skimmers, which often insert rogue payment forms, this campaign exploits the legitimate Stripe API to siphon off data.

According to a new advisory published by Jscrambler today, the attackers inject JavaScript directly into checkout pages, allowing them to capture credit card details before they reach Stripe’s secure processing system.

The malware effectively mimics legitimate functions, making detection challenging. It waits for customers to input payment details, then silently transmits the stolen data to attacker-controlled domains.

This attack primarily affects online merchants using Stripe for payment processing. However, since businesses of all sizes have widely adopted Stripe, the potential exposure is significant.

“While the initial report did not disclose the number of compromised merchants, Jscrambler’s research team conducted an independent investigation and identified 49 merchants affected by this campaign so far,” the company said.

“This number is likely an underestimation, as new victims continue to be discovered.”

Jscrambler added that any e-commerce site relying on third-party scripts could be vulnerable if proper security measures are not in place.

The researchers identified several red flags that can help businesses detect this attack:

  • Unexpected modifications in JavaScript files
  • Unusual network requests to unknown domains
  • Changes in Stripe’s API calls that redirect data

To mitigate web skimming risks, merchants and payment service providers should also implement real-time webpage monitoring to detect unauthorized scripts, and use secure iFrame solutions to prevent hijacking and ensure compliance with PCI DSS 4.0.1 requirements.
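As an added illustration (not code from Jscrambler's advisory or from this article), the sketch below checks a checkout page's observed scripts and outbound requests against an approved baseline, covering the first two red flags above. The baseline format, function names, hash strings and the `.example` hosts are assumptions constructed for the example.

```javascript
// Added example with constructed data; all names here are hypothetical.
// Approved baseline: script URL -> expected hash (null = authorized by URL only),
// plus the only hosts the checkout page is expected to contact.
const baseline = {
  scripts: {
    "https://js.stripe.com/v3/": null,
    "https://shop.example/static/checkout.js": "sha256-constructed-A",
  },
  allowedHosts: ["shop.example", "js.stripe.com", "api.stripe.com"],
};

// What a page monitor reported for one checkout load (constructed sample).
const observed = {
  scripts: [
    { url: "https://js.stripe.com/v3/", hash: "sha256-constructed-S" },
    { url: "https://shop.example/static/checkout.js", hash: "sha256-constructed-B" },
    { url: "https://cdn.unknown.example/t.js", hash: "sha256-constructed-C" },
  ],
  requests: [
    "https://api.stripe.com/v1/payment_methods",
    "https://api.stripe.com.collector.example/v1/payment_methods",
    "not a url",
  ],
};

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

function auditCheckout(base, seen) {
  const findings = [];
  const allowed = new Set(base.allowedHosts);
  for (const s of seen.scripts) {
    const known = Object.prototype.hasOwnProperty.call(base.scripts, s.url);
    const pinned = known ? base.scripts[s.url] : null;
    if (!known) findings.push({ type: "unauthorized-script", url: s.url });
    else if (pinned !== null && pinned !== s.hash) findings.push({ type: "modified-script", url: s.url });
  }
  for (const r of seen.requests) {
    const host = hostOf(r);
    // Exact hostname match: a substring or prefix test would accept look-alike hosts.
    if (host === null || !allowed.has(host)) {
      findings.push({ type: "unknown-destination", url: r });
    }
  }
  return findings;
}

console.log(auditCheckout(baseline, observed));
```

Unparseable request URLs are reported rather than skipped, so a malformed entry cannot hide a destination from review.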

“Given that small merchants often lack the expertise or resources to fully implement PCI DSS 4.0’s stringent requirements,” Jscrambler said, “automated solutions provide an essential layer of protection.” 
