Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores

Cybersecurity researchers at Jscamblers have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy application programming interface (API) to validate stolen credit card details in real time before transmitting them to malicious servers. This technique allows attackers to ensure they are only harvesting active and valid card numbers, significantly increasing the efficiency and potential profit of their operations.

According to Jscrambler’s analysis, shared with Hackread.com, this web-skimming operation has been ongoing since at least August 2024. The attack starts with the injection of malicious JavaScript code, designed to mimic legitimate payment forms, into the checkout pages of targeted websites. This code captures customer payment information as it is entered. The second phase involves obfuscation using a base64-encoded string, which conceals crucial URLs from static security analyses, such as those performed by Web Application Firewalls (WAFs).

The key innovation in this campaign lies in its ...