Web shops around the world have unknowingly been seeded with malicious code that is stealing the credit card details of their customers, new research suggests.


Almost six thousand online shops and stores have had skimming scripts installed on their networks as part of a large and continuously active campaign that may have stolen hundreds of thousands of credit card details over the last few months.

Worryingly, the hackers in question are said to be adding up to 85 new stores on a daily basis.

Willem De Groot, a Dutch developer, security chief, and founder of the Dutch e-commerce site Byte.NL, said he found 5,925 individual compromised sites by scanning for the specific signature exhibited by the malicious code that had been covertly injected into website payment software.

According to De Groot, a substantial proportion of the stolen data has ended up on servers based in Russia.

Perhaps the highest-profile victim of the attacks so far is the US National Republican Senatorial Committee, whose donors had their credit card information stolen.

Detailing his findings in a blog post, De Groot seems to imply that there is nothing extra special about the malware being utilised for the cybercrime, instead stating that the hackers were simply exploiting existing, well-known vulnerabilities in popular web retailing programs.

Worse still, De Groot claims that he found 9 individual types of skimming code on some retailers’ sites, pointing to the fact that many different types of cybercriminal groups are involved.

The solution for worried merchants and online sellers? Worryingly, according to De Groot, much of the current problem could be eradicated simply by updating or regularly upgrading their current software.

De Groot also makes the convincing point that Visa and MasterCard could revoke the payment licenses of sloppy merchants, but argues that it would be far more effective if Google added compromised sites to its Chrome Safe Browsing Blacklist index:

“Visitors would be greeted with a fat red warning screen and induce the store owner to quickly resolve the situation. I have submitted all my malware samples to Google’s Safe Browsing team but only a small part of the detected malware has been blocked so far.”