This Credit card skimmer self-destructs and enables anti-tampering protection after stealing
According to reports, researchers have found that the customers of Greenworks hardware tools website payment card data are being stolen. Greenworks Tools is the leader in battery-powered outdoor power tools for DIY-consumers and landscaping professionals. The company distributes Greenworks-branded and private label products, as well as products for an extensive network of Original Equipment Manufacturers.
The Greenworks Tool website was hit by a highly-sophisticated self-cleaning and self-destructing skimmer that copies customer card data at check out and sends it to the attackers. Researchers from RapidSpike found the malicious code on the U.S. website ‘greenworkstools[.]com’ was been collected by the skimmer and land on the hacker’s server at ‘congolo[.]pro’.
Hiding from security tools and researchers are not the only tactics, though, as RapidSpike identified in the malicious code a self-destruction routine that activates on attempted tampering.
Well, the researchers from Rapidspike also said that not only the customers’ credit card details like card numbers and CVV were stolen but also steal account details (usernames and passwords) and personal customer data (phone number, delivery address).
RapidSpike says that the attackers created an overlay for the entire check out page by injecting an empty element into its footer. An ‘onmouseover’ event triggers the skimmer when customers move the mouse on the page, the researchers say.
However, if the number of characters in the script changes, even as little as one extra or one fewer characters, the script will self-destruct
When the researchers try to change the attributes the self-destruction shows an error, “destroying the skimmer and potentially causing anyone investigating to believe the code is not malicious because it won’t actually do anything.”
According to the researchers, a customer that made a purchase on the U.S. website of Greenworks Tools since June 8 is advised to contact their bank and cancel their payment card. However, about the account details, you can change your password and enable two-factor authentication if possible. For more news on tech and cybersecurity subscribe to our newsletter from here