The international payment system VISA warns of the activity of cybercriminals installing web shells on compromised servers. The aim of the cybercriminals is to extract the data of bank cards owned by customers of online stores.

As a rule, web shells are some kind of script or software, with the help of which threat actors gain access to hacked servers, and later execute code remotely, move within the network and deliver additional malware.

VISA analysts have been monitoring this activity throughout the last year and came to conclusion that the threat actors have begun to more often inject JavaScript-code into the pages of online stores. Such scripts are commonly known as web-skimmers.

If cybercriminals successfully inserted a web-skimmer, they would be able to intercept the payment information entered by the customer and extract the personal information of the visitor.

The researchers emphasized that the attackers used different methods to breach the online shops' servers. The threat actors used mostly vulnerabilities in applications and website plugins, and unpatched or outdated versions of e-commerce platforms.

Source: anti-malware.ru