Research has found almost 6,000 web shops are unknowingly harbouring malicious code that is stealing the credit and debit card details of customers.
Dutch developer, William De Groot, found the 5,925 compromised sites by scanning for the specific signature of the data-stealing code in website software.
He said the code has been injected into the sites by cyber thieves and some of the stolen data was sent to servers based in Russia.
In a blog post Mr De Groot said the attackers exploited well know vulnerabilities in several different widely used web retailing programs.
He said that once the attackers gained access, they injected a short chunk of obfuscated code that copied credit card and other payment information.
Stolen data was being sold on dark web markets at a rate of about £25 per card.De Groot’s research found nine separate types of skimming code on sites, suggesting many different crime groups were involved.
Mr De Groot wrote in a blog post: "New cases could be stopped right away if store owners would upgrade their software regularly.
But this is costly and most merchants don't bother."I would recommend consumers to only enter their payment details on sites of known payment providers such as Paypal."They have hundreds of people working on security; the average store probably has none."
View Internet News Archive