December 27, 2023 at 08:42AM
Europol and 17 countries collaborated to notify over 400 online merchants of digital skimmer infections. The operation led by Greece also identified two dozen new skimmers. These malware, also known as JavaScript-sniffers, are injected into legitimate websites to pilfer personal and card information. Such digital skimming may go undetected for long, leading to the stolen data being sold or used for fraudulent activities.
Summary of Meeting Notes:
– Europol announced a coordinated international operation involving law enforcement agencies from 17 countries to notify over 400 online merchants of digital skimmer infections.
– The operation, led by Greece, identified two dozen new digital skimmers and involved Group-IB, a threat intelligence firm.
– Digital skimmers, also known as JavaScript-sniffers or JS-sniffers, are malware injected into legitimate websites to steal personal and card information.
– Group-IB identified 132 digital skimmer families, such as AngryBeaver, ATMZOW, and FirstKiss, in this operation.
– Both Europol and Group-IB warned about the scale, impact, and sophistication of digital skimming, noting that it may go unnoticed for a long time and that stolen payment card data is typically sold to other cybercriminals or used for fraud.
– Cybercriminals use illicit services to check the validity of stolen credit card data before using it fraudulently. A Russian national was charged in the US earlier this year for operating such a service.
Related articles to note:
– See Tickets alerted 300,000 customers after another web skimmer attack.
– The underground carding marketplace Joker’s Stash announced its shutdown.
– The website of Canadian liquor distributor LCBO was infected with a web skimmer.
Please let me know if you need any further details or updates.