CYBER – Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout (OODA)

A new credit card skimmer uses postMessage to create convincing but illegitimate PayPal transactions and steal payment data. The campaign comes during the holiday season, when more customers are shopping online and using e-commerce sites. The malicious process hijacks PayPal transactions during checkout, causing both parties to lose money.

A security researcher known as Affable Kraut first reported the technique. He found that the card skimming program uses postMessage to inject sophisticated and accurate PayPal iframes into the checkout process to launder money from the purchase. This marks the first card skimmer to use such a method. When users check out using the illegitimate window, the information they enter is sent to a server operated by the attackers.

