VISA has issued a warning about the increase of web shells being used by threat actors to steal credit card details. VISA has seen a rise in the number of threat actors using web shells on compromised servers in order to extract credit card details stolen from customers making payments online.
VISA has said that in the last year they have seen growing trends in web shell usage, especially for web skimming attacks where the shells are used to inject JavaScript-based scripts, also referred to as credit card skimmers, into online stores with vulnerabilities.
VISA has said, “throughout 2020, Visa Payment Fraud Disruption (PFD) identified a trend whereby many eSkimming attacks used web shells to establish a command and control (C2)during the attacks.”