Payment card-skimming malware targeting 4 sites found on Heroku cloud platform

by
Dan Goodin
from Ars Technica - All content on (#4W3GR)
payment-cards.jpg

Enlarge (credit: Mighty Travels / Flickr)

Payment card skimmers have hit four online merchants with help from Heroku, a cloud provider owned by Salesforce, a researcher has found.

Heroku is a cloud platform designed to make things easier for users to build, maintain, and deliver online services. It turns out that the service also makes things easier for crooks to run skimmers that target third-party sites.

On Wednesday, Ji(C)rime Segura, director of threat intelligence at security provider Malwarebytes, said he found a rash of skimmers hosted on Heroku. The hackers behind the scheme not only used the service to host their skimmer infrastructure and deliver it to targeted sites. They also used Heroku to store stolen credit-card data. Heroku administrators suspended the accounts and removed the skimmers within an hour of being notified, Segura told Ars.

Read 7 remaining paragraphs | Comments

index?i=9UIqkC3j6d8:F0WCNb5GUlA:V_sGLiPB index?i=9UIqkC3j6d8:F0WCNb5GUlA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments