The international payment system VISA warns of the activity of cyber criminals installing web shells on compromised servers. The aim of the cyber criminals is to extract the data of bank cards belonging to users of online stores.

As a rule, web shells are understood as some kind of script or software, with the help of which criminals gain access to compromised servers, and later execute code remotely, move around the network and deliver additional malware.

VISA analysts have been monitoring this activity throughout the past year and have come to the conclusion that the latter have begun to more often inject JavaScript code into the pages of online stores.

Such scripts are commonly called web skimmers. If cyber criminals successfully implement a web skimmer, they will be able to intercept the payment information entered by the buyer, as well as extract the personal data of the visitor.

“In 2020, the Visa Payment Fraud Disruption (PFD) team was able to detect many web skimmer attacks in which criminals used web shells and command servers (C2).

The PFD has reported at least 45 cyber attacks, leading to the conclusion that the threat of web shells is growing, ”said VISA (reported by Bleeping Computer ).

At the same time, the researchers emphasized that the attackers used different methods to hack the servers of online stores.

Vulnerabilities in applications and website plugins, as well as unpatched or outdated versions of e-commerce platforms, were the most common targets for criminals.