WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
EXECUTIVE SUMMARY
WebRTC Skimmer Evades CSP to Steal E-Commerce Payment Data
Summary
A new payment skimmer has been identified that leverages WebRTC data channels to bypass Content Security Policy (CSP) and steal payment information from e-commerce sites.
Key Points
- The skimmer uses WebRTC data channels instead of traditional HTTP requests or image beacons.
- Because this traffic does not travel over HTTP, the malware can load its payload and exfiltrate stolen payment data without being caught by CSP and other standard security measures.
- The discovery was reported by cybersecurity firm Sansec in a report published this week.
- The attack targets e-commerce sites, posing a significant risk to online payment security.
Analysis
The use of WebRTC data channels by this skimmer represents a novel approach to evading security controls like CSP. This technique highlights the evolving tactics of cybercriminals in targeting e-commerce platforms. As WebRTC is typically used for peer-to-peer communications, its exploitation for data exfiltration is particularly concerning and underscores the need for enhanced monitoring and security strategies.
Conclusion
IT professionals should prioritize updating security controls to detect and mitigate threats that use WebRTC channels. Regularly reviewing and strengthening CSP configurations and monitoring for unusual WebRTC activity can help protect e-commerce platforms from such sophisticated attacks.
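One way to monitor for, or switch off, WebRTC on a checkout page is a guard script that runs before any other script on the page. This is an added example, not code from Sansec's report or from any affected site; installWebRtcGuard, its options and the event fields are hypothetical names, and the guard assumes the page itself has no legitimate use for WebRTC.

```javascript
// Added example: wrap the page's WebRTC constructors so every attempt to open
// a peer connection is reported, and optionally refused, on payment pages.
// All names here (installWebRtcGuard, mode, onEvent) are hypothetical.
function installWebRtcGuard(win, { mode = 'block', onEvent = () => {} } = {}) {
  for (const name of ['RTCPeerConnection', 'webkitRTCPeerConnection']) {
    const Native = win[name];
    if (typeof Native !== 'function') continue; // API not present in this context

    const guarded = new Proxy(Native, {
      construct(target, args, newTarget) {
        // Collect the ICE server URLs from the configuration: they are the
        // only destination hint available at construction time.
        const cfg = args[0] || {};
        const iceServers = (cfg.iceServers || []).flatMap((s) => [].concat(s.urls || []));
        onEvent({ type: 'peer-connection', api: name, iceServers, blocked: mode === 'block' });

        if (mode === 'block') {
          throw new Error(name + ' is disabled on this page');
        }

        // Report mode: build the real object, then log each data channel
        // the page opens on it.
        const pc = Reflect.construct(target, args, newTarget);
        const nativeCreate = pc.createDataChannel;
        if (typeof nativeCreate === 'function') {
          pc.createDataChannel = function (label, init) {
            onEvent({ type: 'data-channel', api: name, label: String(label) });
            return nativeCreate.call(this, label, init);
          };
        }
        return pc;
      },
    });

    // Lock the property so a later script cannot simply put the native
    // constructor back on the window object.
    Object.defineProperty(win, name, {
      value: guarded, writable: false, configurable: false, enumerable: false,
    });
  }
}

// In a browser, as the first script on the checkout page (reporting sink is
// an assumption):
// installWebRtcGuard(window, { mode: 'block', onEvent: (e) => console.warn('webrtc', e) });
```

The guard covers only the window it is installed in and only scripts that run after it, and in report mode it logs channels the page creates, not channels offered by the remote peer.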