Credit card 'skimmers' found inside social media buttons

Facebook, Messenger, WhatsApp and Instagram logos displayed on a phone screen and keyboard are seen in this multiple exposure illustration photo. (Jakub Porzycki/NurPhoto via Getty Images)

Constantly evolving credit card skimming techniques are a new threat to holiday shoppers.

Researchers at cybersecurity firm Sansec have discovered a novel technique that inserts payment skimmers onto checkout pages. Malwarebytes told Fox News it has also seen this new trick.

The news was first reported by ZDNet.

This isn’t the old-style physical skimmer that criminals attach to, for example, gas pump credit card readers, but code that lurks on retailer checkout pages. It is also referred to as e-skimming or a Magecart attack.

“Online payment thieves developed a new method to hide payment skimmers in perfectly legitimate social media icons,” Joost Spanjerberg, a Sansec malware researcher, told Fox News in an email.

Those buttons could include Facebook, Twitter, LinkedIn, or any number of well-known social media sites.

“These malicious icons lurk on checkout pages of hacked stores, and log keystrokes of unsuspecting online shoppers. When you enter your credit card numbers, these icons will send your data to an offshore (often foreign) server for later collection,” Spanjerberg said.

The problem, Spanjerberg says, is that consumers have no idea it’s happening.

“It is extremely hard for consumers to identify such fraud. Even for a trained professional, it takes hours to examine a store for possible payment skimmers. Actually, only merchants can prevent this kind of theft by running an ecommerce malware scanner on their server,” he said.

Anti-malware software firm Malwarebytes has also been tracking this.

“We have seen this latest trick and recorded a handful of sites that are currently infected with it,” Jérôme Segura, director of threat intelligence at Malwarebytes, told Fox News.

“We believe this is a natural evolution in the cat-and-mouse game between [bad] actors and defenders,” he said, adding that credit card skimmers used to be rudimentary and could be easily spotted.

Not anymore. “Criminals have upped their game and have adopted several different techniques to hide that code,” he added.

Buyers beware

Magecart-style cyberattacks are becoming widespread. A recent attack hit online stores that use Magento software.

Consumers are most vulnerable when they manually enter credit card information on a web form. That’s where a credit-card skimmer could be lurking.


“Limit the number of times you have to manually enter your credit card data. Rely on platforms where that information is already stored in your account or use one-time payment options,” says Malwarebytes Lab, part of Malwarebytes.
