On 3 December 2024, the RH-ISAC intel team was informed about a possible digital skimmer that may be present on an unnamed e-commerce website. JJ Josing, Principal Threat Researcher at the RH-ISAC, started his initial investigation into this incident. Our investigation discovered a script block containing heavily obfuscated JavaScript in the HTML of the checkout page. Once the code was deobfuscated, we confirmed the presence of an active digital skimmer. The malicious JavaScript extracts address and credit card information and sends the stolen data to the threat actor’s remote server.
Download the full report for information about why this skimmer is dangerous, indicators of compromise, and recommended mitigations.
