This recent investigation uncovered a sophisticated web skimming attack targeting Casio UK and 16 other websites, likely enabled by vulnerabilities in their Magento-based platforms. The criminals employed a double-entry skimming tactic, intercepting checkout button clicks and presenting fake payment forms to steal sensitive user data. The skimmer ran in two stages: an unobfuscated loader injected an obfuscated second-stage script, which encrypted the stolen data with AES-256-CBC. Researchers found that Casio UK's Content Security Policy (CSP) was misconfigured and therefore did nothing to prevent the attack. The skimmer was active between January 14 and 24; Casio UK took action within 24 hours of being alerted.
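As an added example (not part of the investigation above), the following Python audit flags CSP settings that would let an injected skimmer script run and a fake payment form post anywhere. The page does not say which misconfiguration affected Casio UK, so the checks cover the common weak settings, and the header values are constructed for illustration.

```python
"""Audit Content-Security-Policy headers for settings that fail to stop
an injected skimmer. Added example; header values below are constructed."""

def parse_csp(header: str) -> dict[str, list[str]]:
    """Split 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']}."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def audit_csp(headers: dict[str, str]) -> list[str]:
    """Return findings explaining why injected scripts or forms are not blocked."""
    findings: list[str] = []
    enforced = headers.get("Content-Security-Policy")
    if enforced is None:
        if "Content-Security-Policy-Report-Only" in headers:
            findings.append("policy is report-only: violations are logged, not blocked")
        else:
            findings.append("no CSP header present")
        return findings
    policy = parse_csp(enforced)
    # script-src falls back to default-src; with neither, any script may load.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("no script-src or default-src: any script source is allowed")
        return findings
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        findings.append("'unsafe-inline' without nonce/hash: injected inline scripts run")
    if any(s in ("*", "https:", "http:") or s.startswith("*.") for s in script):
        findings.append("wildcard scheme/host in script-src: attacker-hosted scripts allowed")
    # form-action does not inherit default-src; without it a fake form can POST anywhere.
    if "form-action" not in policy:
        findings.append("no form-action: a fake payment form may submit to any origin")
    return findings

# Constructed sample header sets (not Casio UK's real headers).
REPORT_ONLY_HEADERS = {"Content-Security-Policy-Report-Only": "default-src 'self'; script-src 'self'"}
WEAK_HEADERS = {"Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:"}
STRICT_HEADERS = {"Content-Security-Policy":
                  "default-src 'self'; script-src 'self' 'nonce-abc123' 'strict-dynamic'; form-action 'self'"}

if __name__ == "__main__":
    for name, hdrs in [("report-only", REPORT_ONLY_HEADERS), ("weak", WEAK_HEADERS), ("strict", STRICT_HEADERS)]:
        print(name, audit_csp(hdrs) or ["no findings"])
```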