More than 400 online merchants were notified of digital skimmer infections in a coordinated international operation, Europol announced.
Law enforcement agencies in 17 countries participated in this effort to identify infected ecommerce sites and alert businesses that their customers’ credit card information has been compromised.
The recent operation against online fraud, led by Greece, also resulted in two dozen new digital skimmers being identified.
According to Group-IB, the threat intelligence firm that supported Europol and participating law enforcement agencies in this operation, there are 132 digital skimmer families known to date.
Some of the skimmers identified in this operation include AngryBeaver, ATMZOW, FirstKiss, FakeGA, health_check, Inter, and R3nin.
“Digital skimming, which has grown in scale, impact, and sophistication over recent years, involves the illicit practice of extracting credit card or payment card details from customers making online purchases from websites that have been infected with JS-sniffers,” Group-IB notes.
Both Europol and Group-IB warn that digital skimming may go unnoticed for a long time, and that the stolen payment card data is typically sold to other cybercriminals or used to perform various types of fraud.
Cybercriminals also use illicit services that allow them to check the validity of the stolen credit card data before using it fraudulently. Earlier this year, authorities in the US charged a Russian national for operating such a service, which is estimated to have been used to check millions of cards yearly.