Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores

Hackers are using a sophisticated web-skimming campaign targeting online retailers, utilizing a deprecated Stripe API to validate stolen credit card details in real-time. The attack involves injecting malicious JavaScript code into checkout pages, obfuscating crucial URLs, and using Stripe’s API to validate card details before transmitting them to malicious servers. Researchers have identified around 49 affected merchants and recommend implementing real-time webpage monitoring solutions to detect unauthorized script injections.