Emerging hacker group MirrorThief Card skimming details

Card Skimming is very serious cyber crime that has been being carrying out by shady individuals for years. Recently, it was reported that 201 US and Canadian college online stores had been a victim of Card-Skimming attack. It seems here that it is a creation of a new hacker group, whom experts named “Mirrorthief” who manages to get the hand of the credit card details such as Credit card numbers, verifications numbers, card type and other important credentials stored on the Credit or debit Card.

Card Skimming

For your information, Card Skimming or Credit Card Skimming is a type of Credit Card theft where crooks use some small device to steal credit card credentials in legitimate credit or debit card transaction, which allow the crooks get the details of the credit card such as credit card numbers, verification numbers, card type, expiry date, the name of the holder, their phone number and the address stored on card’s magnetic stripe when it is swiped through the skimmer.

About MirrorThief Card Skimming

In the MirorThief Card Skimmer, a Javascript is hided under the Checkout of the infiltrated websites. It seems that the hackers group has created some threat to target PrismWeb based payment page which is the campus stores used e-commerce platform. The threat resembles a legitimate Google Analytics website which is mimics by using Radar.

 The skimmed payment details stored under JSON file which had given a security under AES encryption and base 64 encoding before beginning the transfer. The skimmer code creates an HTML image tag on compromised server. The compromised server contains an URL to the attackers’ server and additional parameters that are used to append the encrypted JSON file. The image.jpg works with 1-pixel image, this means, it will be noticed only by closed looks.

This is not happen first time. Previously, there has been very similar attack but the attackers were different. That Card Skimming operation was carried out by a hacking group Megacart.