Home GDPR #Privacy: Tupperware website targeted with credit card skimmer
GDPR - 1 week ago

#Privacy: Tupperware website targeted with credit card skimmer

Researchers have discovered a targeted cyber attack against the kitchenware brand Tupperware. 

Identified by Malwarebytes on March 20, threat actors compromised the official Tupperware website in addition to its associated websites, by hiding malicious code within an image file. 

A fraudulent payment form is then activated during the checkout process. The form then collects customer payment data via a credit card skimmer, which is then passed on to the threat actors. 

“In light of the COVID-19 outbreak, the volume of people shopping online has dramatically increased, and there is little doubt that a larger number of transactions will be impacted by credit card skimmers moving forward,” said Malwareybytes

Malwarebytes added that the actors behind the attack put a fair amount of work into integrating the credit card skimmer seamlessly and remaining undetected. 

Malwarebytes discovered the malicious activity during a web crawl after identifying a suspicious-looking iframe when visiting the Tupperware checkout page. The iframe displays the payment forms fields to shoppers. 

The domain had been created on March 9 and registered to an email address with Russian provider Yandex. It should be noted that many newly registered domains are often used by threat actors prior to a new campaign. 

“There is one small flaw in the integration of the credit card skimmer: The attackers didn’t carefully consider (or perhaps didn’t care about) how the malicious form should look on localized pages. For example, the Spanish version of the Tupperware site is written in Spanish, but the rogue payment form is still in English.”

Malwarebytes notified Tupperware of its findings but the skimmer was still active when the findings were published. However, in an update researchers stated that it noticed that the malicious PNG file was removed and soon after the JavaScript was also removed. 

The post #Privacy: Tupperware website targeted with credit card skimmer appeared first on PrivSec Report.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

“We have fallen short” says Zoom as its share price falls short, too

Zoom has responded to criticism of its service after its share price reversed some of the …