Meta Pixel tracker script
Cybersecurity researchers have recently uncovered a sophisticated credit card skimming operation that cleverly masquerades as a harmless Facebook tracker, specifically a fake Meta Pixel tracker script.
The Mechanism of the Attack
The attackers exploit the trust placed in widely recognized scripts, such as Google Analytics or JQuery, by naming their malicious scripts in a manner that mimics these legitimate services. The fake Meta Pixel tracker script, upon closer inspection, reveals JavaScript code that substitutes references to the legitimate domain «connect.facebook[.]net» with «b-connected[.]com,» a legitimate e-commerce website that has been compromised to host the skimmer code. This substitution is a key part of the skimmer’s operation, as it allows the malicious code to execute under the guise of a legitimate service
The Skimming Process
Once the malicious script is loaded on a compromised website, it monitors for specific actions, such as a visitor reaching a checkout page. At this point, it serves a fraudulent overlay designed to capture the credit card details entered by the victim. The stolen information is then exfiltrated to another compromised site, «http://www.donjuguetes[.]es,» showcasing the multi-layered nature of this attack
Broader Implications
This incident underscores the importance of vigilance and robust security practices for website owners, especially those operating e-commerce platforms. The use of fake scripts that mimic legitimate services is a cunning strategy that can easily deceive even the most cautious individuals. As such, it is essential to employ comprehensive security measures, including the use of intrusion detection systems and website monitoring, to detect and mitigate such threats
Vkontakte
Twitter
Одноклассники
