Connect with us

Hi, what are you looking for?



Police Warn Hundreds of Online Merchants of Skimmer Infections

Law enforcement authorities in 17 countries discovered more than 400 online merchants infected with skimmers.

More than 400 online merchants were notified of digital skimmer infections in a coordinated international operation, Europol announced.

Law enforcement agencies in 17 countries participated in this effort to identify infected ecommerce sites and alert businesses that their customers’ credit card information has been compromised.

The recent operation against online fraud, led by Greece, also resulted in two dozen new digital skimmers being identified.

Also known as JavaScript-sniffers or JS-sniffers, these skimmers are the malware families that cybercriminals inject into legitimate websites to steal personal and card information.

According to Group-IB, the threat intelligence firm that supported Europol and participating law enforcement agencies in this operation, there are 132 digital skimmer families known to date.

Some of the skimmers identified in this operation include AngryBeaver, ATMZOW, FirstKiss, FakeGA, health_check, Inter, and R3nin.

“Digital skimming, which has grown in scale, impact, and sophistication over recent years, involves the illicit practice of extracting credit card or payment card details from customers making online purchases from websites that have been infected with JS-sniffers,” Group-IB notes.

Both Europol and Group-IB warn that digital skimming may go unnoticed for a long time, and that the stolen payment card data is typically sold to other cybercriminals or used to perform various types of fraud.

Advertisement. Scroll to continue reading.

Cybercriminals also use illicit services that allow them to check the validity of the stolen credit card data before using it fraudulently. Earlier this year, authorities in the US charged a Russian national for operating such a service, which is estimated to have been used to check millions of cards yearly.

Related: See Tickets Alerts 300,000 Customers After Another Web Skimmer Attack

Related: Underground Carding Marketplace Joker’s Stash Announces Shutdown

Related: Website of Canadian Liquor Distributor LCBO Infected With Web Skimmer

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Shay Mowlem named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.