Visa, a global payment processor, has warned that hackers are increasingly deploying web shells on compromised servers to steal credit card information from online customers. Web shells are tools (scripts or programs) that hackers use to gain access to compromised servers, remotely execute arbitrary commands or code, move covertly within the victim's compromised network, or deliver additional malicious payloads. Since last year, Visa has seen an increase in the use of web shells to deploy JavaScript-based files, known as credit card skimmers, into breached online platforms in digital skimming attacks (also known as web skimming, e-skimming, or Magecart attacks).
If successful, the skimmers allow the hackers to exfiltrate payment information and personal data submitted by customers of the breached online platform and transfer it to servers they control. According to Visa, "throughout 2020, Visa Payment Fraud Disruption (PFD) identified a trend whereby many e-skimming attacks used web shells to establish a command and control (C2) during the attacks. PFD confirmed at least 45 eskimming attacks in 2020 using web shells, and security researchers similarly noted increasing web shell use across the wider information security threat landscape."
According to Visa PFD's findings, most Magecart hackers used web shells to plant backdoors on compromised online store servers and build a command and control (C2) infrastructure that lets them steal credit card information. The hackers used various approaches to compromise the online shops' servers, exploiting vulnerabilities in insecure administrative infrastructure, e-commerce apps and website plugins, and unpatched or out-of-date e-commerce websites. These Visa findings were confirmed earlier this February, when the Microsoft Defender Advanced Threat Protection (ATP) team revealed that the number of web shells implanted on compromised servers has as much as doubled since last year.
"The company's security researchers discovered an average of 140,000 such malicious tools on hacked servers every month, between August 2020 to January 2021," reports Bleeping Computer. "In comparison, Microsoft said in a 2020 report that it detected an average of 77,000 web shells each month, based on data collected from roughly 46,000 distinct devices between July and December 2019," it further says.