E-commerce sites infected, data of over 1,700 credit cards stolen
E-commerce websites frequented by Singaporeans said to be infected by software which stole data from more than 1,700 cards
A skimming software is said to have infected multiple e-commerce websites frequented by Singaporeans, resulting in the data of more than 1,700 credit cards being stolen and sold on the Dark Web in a single database, in one of the biggest cases here.
Singapore-based cyber-security firm Group-IB said this database was one of many linked to 26,102 payment cards issued by Singapore banks that it found sold on the Dark Web from January to last month. The estimated underground value of the cards was US$1.8 million (S$2.5 million).
The firm said skimmers used the malicious software to intercept payment card details on infected websites, and then sold the data on the Dark Web - a part of the Internet accessible only via special software which allows users to remain anonymous or untraceable.
Group-IB said the case involving the stolen details of 1,726 cards was significant because, on average, the number of compromised Singapore-linked credit cards uploaded in a single database onto the Dark Web rarely exceeded several hundred, based on its review period of January to last month.
The firm declined to reveal which websites were infected, but said they were frequented by Singaporeans and were based both locally and overseas.
A 2017 study by online saving platform Flipit showed that three in five Singaporeans shop online.
Group-IB said the database in question was named «31.03-SG_MIX_SNIFF», which suggests the malware called JavaScript-sniffers (JS-sniffers) was used.
The malware acts as the digital equivalent of a traditional credit card skimmer - a small device installed on automated teller machines to intercept bank card details. JS-sniffers can intercept different types of payment and other personal details.
Group-IB said: "Usually, a few lines of code injected into websites can capture data entered by customers, such as payment card numbers, names, addresses, passwords. A multi-linked chain of victims of JS-sniffers includes online shoppers, online stores, payment systems and banks.
"Quite often, neither a customer nor a website owner can detect the activity of JS-sniffers."
A report that Group-IB issued in April said JS-sniffers had infected 2,440 websites globally. JS-sniffers are capable of injecting fake Web forms - made to look like legitimate payment forms from firms such as PayPal and Stripe - in order to steal customer payment data from online stores.
The Monetary Authority of Singapore (MAS) said it monitors cyber threats and attacks that result in payment card fraud. "MAS requires financial institutions in Singapore to implement information technology controls to protect sensitive information from unauthorised disclosure," said a spokesman.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now