CYBER – Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout (OODA)

A new credit card skimmer is utilizing postMessage to create convincing PayPal transactions that are illegitimate and steal payment data. The new credit card skimming campaign comes during the holiday season when more customers are using e-commerce sites and shopping online. The malicious process hijacks PayPal transactions during checkout, causing both parties to lose money.

A security researcher known as Affable Kraut first reported the technique. He found that the card skimming program uses postMessage to inject sophisticated and accurate PayPal iframes into the checkout process to launder money from the purchase. This marks the first card skimmer to use a method such as this. When users check out using the illegitimate window, the information inputted is sent back to a server operated by attackers.

Read More: Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

Marco Emanuele
Marco Emanuele è appassionato di cultura della complessità, cultura della tecnologia e relazioni internazionali. Approfondisce il pensiero di Hannah Arendt, Edgar Morin, Raimon Panikkar. Marco ha insegnato Evoluzione della Democrazia e Totalitarismi, è l’editor di The Global Eye e scrive per The Science of Where Magazine. Marco Emanuele is passionate about complexity culture, technology culture and international relations. He delves into the thought of Hannah Arendt, Edgar Morin, Raimon Panikkar. He has taught Evolution of Democracy and Totalitarianisms. Marco is editor of The Global Eye and writes for The Science of Where Magazine.

Latest articles

Related articles