The world-famous storage solution provider Tupperware has had its website compromised by attackers to steal credit card payment details at checkout. Discovered by Malwarebytes researchers, the cybercriminals used a method that is different than recent attacks against online shopping checkout pages. Instead of modifying the website’s JavaScript code to steal from the form fields of the checkout page, the attackers integrated a malicious iframe that displayed a fake payment form field to customers. The iframe loaded the content from “deskofhelp[.].com,” a domain that was only recently created and is hosted on a server with multiple phishing domains. The JavaScript code to load the iframe was hidden inside a PNG image file hosted on the Tupperware web server; the JavaScript was appended to the end of the image data. Tupperware has fixed the issue and the payment form is now loading the payment form from the legitimate domain cybersource.com, which is owned by Visa.
Analyst Notes
Customers who were affected by this compromise should employ their financial institution’s resources to check for suspicious transactions and possible identity theft. Consumers can also obtain a free copy of their credit report by visiting annualcreditreport[.].com. Organizations operating websites that include a checkout page should perform regular security audits to identify changes to website page content, changes to JavaScript files used by the website, and suspicious changes to image files that were not planned. A well-configured Content Security Policy (CSP) for the website can prevent the checkout page from loading content from unexpected domains, unless the attacker has access to the server to change the CSP and other content directly. Actively monitoring servers using Endpoint Detection and Response (EDR) for signs of attacker behaviors provides early warning of an intrusion and allows organizations to take quick action, stopping attacks before they can do extensive damage.
To read more: https://www.bleepingcomputer.com/news/security/tupperware-site-hacked-with-fake-form-to-steal-credit-cards/
