January 25, 2025

Card Skimmer Found Hitting Vulnerable E-Commerce Sites

Malware Specifically Targets Sites Running Unsupported ASP.NET Software

A credit card skimmer that has been operating since April is specifically targeting sites hosted on Microsoft IIS servers that are currently running an out-of-date version of ASP.NET.  This approach differs from most credit card skimming attacks that target sites built on the widely adopted Linux, Apache, MySQL and PHP (LAMP) stack.  Specifically targeted were sites running ASP.NET version 4.0.30319 which has reached end-of-life and is no longer supported and therefore has many vulnerabilities.  The skimmer steals payment card numbers and tries to also swipe passwords, although the latter activity is not correctly implemented and does not always work.