An investigation by Dutch developer Willem de Groot revealed that thousands of online stores, including numerous South African websites, have been compromised and are stealing users’ credit card details.
De Groot said hackers gained access to the compromised websites’ source code using unpatched security flaws.
“This wiretap operates transparently for customers and the merchant. Skimmed credit cards are then sold on the dark web,” said de Groot.
He added that online skimming is very effective because it is hard to detect and it is nearly impossible to trace the thieves.
South African online stores
De Groot published a list of 5,900 compromised stores on GitHub, but it was quickly removed.
“After publishing a list of compromised online stores, I was contacted by several persons who claimed their site had not been compromised, and who threatened to sue me,” said de Groot.
However, de Groot said these sites were all compromised, pointing to archive.org, which he said “provides solid proof”.
“I have, prior to publication, submitted all URLs and malware samples to Google’s Safe Browsing team. They have since only acted upon a small portion of the sites,” he said.
He said he understands that being included in the list can be painful for a merchant, but this was needed to prevent the problem from growing.
MyBroadband tested the listed South African websites, and all of them were blocked by anti-malware software or browser warnings.
MyBroadband informed all the South African websites on the list of the compromise before going live with the article.
Here are the South African websites which were included in the compromised site list.