WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Overview

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data," Sansec said in a report published this week.

Organisations Involved

The following organisations are mentioned in relation to this incident: Commerce Sites
Cybersecurity, Skimmer Bypasses, Steal Payment Data.

Multi-Source Coverage

This event has been reported across multiple outlets:

• WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.