Skip to main content

Payment card-skimming malware targeting 4 sites found on Heroku cloud platform

posted onDecember 4, 2019
by l33tdawg
Arstechnica
Credit: Arstechnica

Payment card skimmers have hit four online merchants with help from Heroku, a cloud provider owned by Salesforce, a researcher has found.

Heroku is a cloud platform designed to make things easier for users to build, maintain, and deliver online services. It turns out the service also makes things easier for crooks to run skimmers that target third-party sites. On Wednesday, Jérôme Segura, director of threat intelligence at security provider Malwarebytes, said he found a rash of skimmers hosted on Heroku. The hackers behind the scheme not only used the service to host their skimmer infrastructure and deliver it to targeted sites. They also used Heroku to store stolen credit-card data. Heroku administrators suspended the accounts and removed the skimmers within an hour of being notified, Segura told Ars.

This is not the first time cloud services have been abused by payment card skimmers. In April, Malwarebytes documented similar abuse on Github. Two months later, the security provider reported skimmers hosted on Amazon S3 buckets. Abusing a cloud provider makes good sense from a crook's point of view. It's often free, saves the hassle of registering look-alike domain names, and delivers top-notch availability and bandwidth.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th