Web-based keylogger used to steal credit card data from popular sites

Discussion in 'malware problems & news' started by Minimalist, Oct 7, 2016.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://threatpost.com/web-based-keylogger-used-to-steal-credit-card-data-from-popular-sites
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    This is why 100% of the time I use "virtual credit cards" linked to my actual credit card numbers. NO online site ever sees my REAL number, no exceptions.
     
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Nasty. When I see articles like this it makes me glad I don't do online financial stuff.
    What are they and how do they work?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Excerpt from the Threatpost article:

    "When a checkout form is detected, the script tag injects the keylogger JavaScript from an external domain"
    Would not, for example, IE11 detect this via its "access data sources across domains" validation, which is disallowed by default at the medium-high security level?
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I have no idea, I wonder if this type of stuff is detectable at all for endpoint security tools. I'm afraid only server based security tools can stop this.
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Not at all. It's true that a strict CSP can stop this but most sites don't do that. But that doesn't mean that you cannot protect yourself against such threats: Running uBlock Origin in medium mode (with all 3rd-party scripts and frames blocked) should be sufficient.
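
An added example, not part of the original post: what a strict CSP changes for a script tag that loads JavaScript from an external domain, as described in the excerpt above. The hostnames and policies are constructed, and the matcher is a simplified reading of `script-src` (no ports, paths, nonces, hashes or 'strict-dynamic').

```javascript
// Simplified CSP check: which script URLs would a policy let a checkout page load?
function scriptSources(cspHeader) {
  const directives = new Map();
  for (const part of cspHeader.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins, as in the CSP spec.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), values);
  }
  // script-src falls back to default-src; null means no restriction at all.
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function sourceAllows(expr, url, page) {
  const e = expr.toLowerCase();
  if (e === "'self'") return url.origin === page.origin;
  if (e.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  if (e === '*') return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) return url.protocol === e; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/.exec(e);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  // "*.host" matches subdomains only, never the bare host.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

function auditScripts(pageUrl, cspHeader, scriptUrls) {
  const page = new URL(pageUrl);
  const sources = scriptSources(cspHeader);
  return scriptUrls.map((src) => {
    const url = new URL(src, page);
    const allowed = sources === null || sources.some((s) => sourceAllows(s, url, page));
    return { src: url.href, crossOrigin: url.origin !== page.origin, allowed };
  });
}

// Constructed sample data: a shop page, its own script, a payment SDK it needs,
// and a stand-in for the externally hosted injected script.
const PAGE = 'https://shop.example/checkout';
const SCRIPTS = ['/js/checkout.js', 'https://cdn.payments.example/sdk.js',
  'https://static.injected.example/k.js'];
const WEAK = "script-src * 'unsafe-inline'";
const STRICT = "default-src 'none'; script-src 'self' https://cdn.payments.example";

for (const [label, csp] of [['no CSP', ''], ['weak', WEAK], ['strict', STRICT]]) {
  const loaded = auditScripts(PAGE, csp, SCRIPTS).filter((r) => r.allowed).map((r) => r.src);
  console.log(label, loaded);
}
```

Only the strict policy refuses the third URL; with no policy or a wildcard `script-src`, the browser loads it like any other script.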
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Do you guys think uBlock Origin is any better than AdGuard?
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I don't know if AdGuard can block 3rd party scripts and similar. AFAIK it only blocks ads, trackers and popups.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    I carry a credit card from my bank. When I want to shop online I log into my bank and generate a "virtual card", which appears exactly as a real card to the merchant. My bank generates a new number, expiration, security code on back, etc. For all practical purposes it IS a real card, which is linked to my ACTUAL card. When merchant X uses the virtual number as a credit card to complete the transaction their merchant number then is the ONLY merchant # that can process a charge to that number. I control the spending limit so if I am buying something for 50 bucks I might generate a card with a 60 limit and I am not exposed to a 25K limit as on my real card. As soon as the transaction completes I generally log in to my bank in a day anyway, and while I am there I blow away the virtual number. I can have as many virtual cards as I want. No merchant ever can know my real account number. It's easy!
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    So you're saying that blocking third party scripts and frames is enough to mitigate this? The only problem is that this will often break sites. That's why I started using Ghostery because it only blocks third party scripts related to ads.
     
  12. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    So you're assuming that those malicious scripts are only related to ads. Good luck!
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I'm trying to say that blocking all third party scripts is not a viable solution for me, because it will break sites, while Ghostery does not.
     
  14. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Yes, but that means that Ghostery doesn't necessarily protect you against all malicious 3rd-party scripts. Besides, it's easy to allow (and save till eternity) what's needed and trustworthy in the local column of Dynamic Filtering in uB0 for sites you frequently visit. The same is true for those ecommerce sites: Even if you allow 3rd-party scripts on all other sites, you can block all 3rd-party stuff on those sites where you want to use your credit card and allow only selectively what's needed to make them work. That's the beauty of site-specific permissions: Its introduction to uBlock0 is the best innovation since the invention of sliced bread.
     
  15. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  16. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, your original statement was that only server based tools would protect against that threat. I said that uB0 can also protect you - but some micro-management would be necessary. Security is not a free lunch (as Milton Friedman would have put it).

    And again: As mentioned in my last post it is not necessary to do this micro-management on all websites if you don't want it. Rather, you can use uB0 with its default settings (i.e. only static filtering is applied). I suggested to use Dynamic Filtering on specific sites only where you use your credit card. How many such sites are you using? A handful? Applying dynamic filter rules for 5 or 6 or perhaps 10 sites only and saving your decisions with the padlock once and forever - is that really so problematic and inconvenient?
     
  17. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I will have to check this out, and see what happens. It must not break anything of course. In the past I did block all third party scripts, mainly to gain speed, but I got tired of having to allow scripts, so that's why I decided to block only third party scripts related to ads. But just to be clear, you're saying that the manipulated content on hijacked sites will 100% not be visible when you block third party scripts and frames, correct?
     
  18. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Well, that's what that threatpost.com article says:
    So blocking those 3rd-party scripts will definitely stop these attacks. I would blacklist 3rd-party scripts and 3rd-party frames on those few sites in the local column of Dynamic Filtering and (not allow but) noop only the necessary domains (if at all) after a diligent inspection. And save that with the padlock once all is well. This doesn't take long for only a couple of sites.
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    Appears AdGuard must use another form of page checks besides the hash of a blacklist.

    "If you are using Adguard for Windows, then in addition to the page itself, we check each object loaded on it, giving you the best protection."

    https://adguard.com/en/how-malware-blocked.html
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    OK I see. Too bad that this type of stuff is not mentioned in these kinds of articles.
     