Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer

MalwareBytes is reporting a weird software credit card skimmer. It harvests credit card data stolen by another, different skimmer:

Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature.

“The threat actors devised a version of their script that is aware of sites already injected with a Magento 1 skimmer,” Malwarebytes’ Head of Threat Intelligence Jérôme Segura explains in a report shared in advance with Bleeping Computer.

“That second skimmer will simply harvest credit card details from the already existing fake form injected by the previous attackers.”

Posted on February 9, 2021 at 6:01 AM11 Comments


Danny February 9, 2021 9:17 AM

Nitpick. Text says harvesting, title says stealing.
Stealing would means the 2nd skimmer would deny the 1st skimmer its already harvested data. Does it do that? Or would just copy that data from 1st skimmer, in which case is a more case of unwanted data sharing than stealing.

Clive Robinson February 9, 2021 9:29 AM

@ ALL,

I guess it’s not unexpected when you look at certain behaviours in nature…

But we have kind of seen it before in software with the,

“If you can not beat them do a Microsoft, embrace, extend, and starve them out.”

I guess the next logical step is to develop malware that only preys on malware.

I’m not even sure what the legal position would be other than they are both utilising a system against the owners wishes.

But as with the old Electronic Warfare(EW) getting blocked by Electronic Counter Measures(ECM), then in turn getting defeated by the “counter counter measures”(ECCM) treatment and so on… The evolution in futility will be an interrsting exercise in human driven evolutionary response.

In the EW case,it was the exponentialy rising cost of countermeasure results and resources. for the very decreasing returns that put a limit in that back and forth.

But for this potential back and forth the costs are realy just developer time, which can be negligable even with significantly reduced Empire to fight for…

Rombobjörn February 9, 2021 10:58 AM

The hepatitis D virus can only infect people who are also infected with hepatitis B. Now we have the same situation in software: malware that depends on other malware.

Personally I protect myself from card skimming by not having any kind of payment card. Every transaction that leaves my bank account is initiated and authorized by me – except for the bank fees that the bank gives itself permission to withdraw. But the social pressure to get a payment card grows ever stronger. My society really really wants everybody to contribute to the carding industry.

SpaceLifeForm February 9, 2021 2:30 PM

Cash is King.

Should petrol stations install their own Defensive skimmers to counter the Offensive skimmers?

What is Offense? What is Defense?

Who is really attacking the Refs (you)?

Austin February 9, 2021 2:47 PM

This exact idea was presented at an FBI meeting a few years ago. They wanted to be a step ahead of the skimmers and cancel the cards at just enough of a rate that it would make the effort unworthy but not reveal how it was happening.

1&1~=Umm February 11, 2021 9:24 AM


“Web Credit Card Skimmer Steals Data from Another Credit Card Skimmer which steals data from another credit card skimmer”

Logically a ‘Turtles all the way down’ problem…

However remember ‘the law of diminishing returns’ also applies which is effectively either a straight line heading for the X axis at some point in time t where diminishing proft becomes an all to easily predicted increasing loss. That gouges an ever increasing loss valley in the balance sheet.

Or there are the more interesting exponential or natural(%) options…

The first starting with an almost imperceptible decrease in profit, which then builds into an unrecoverable nose dive plumet to a time t crashing out of Profitsville into Lossville territory like a rock out of space leaving on heck of a hole in the balance sheet.

The second if the opperators are lucky starts with an initial near nose dive plumit in profitability which should serve as ‘a warning to get the heck out of Dodge”, but eventually pulls out never quite getting to the X axis and the greater Lossville teritory.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.