Cert-In, the government's cybersecurity agency has recently warned people against incidents of credit and debit card skimming on e-commerce websites across the world.
Government's cybersecurity agency warns about card skimming through various e-commerce sites

New Delhi: Cert-In, the government's cybersecurity agency has recently warned people against incidents of credit and debit card skimming on e-commerce websites across the world. According to the reports, the card skimmers are targetting Microsoft ASP.NET sites to defraud people. This has to be mentioned that cybercriminals adds skimming code on online shopping websites to steal credit card information shared by customers.

The CERT-In advisory stated that, Credit card skimming us spreading worldwide via serveral e-commerce sites. Cybercriminals are attacking e-commerce sites because of their worldwide popularity and the environment LAMP (Linux, Apache, MySQL, and PHP). Meanwhile, skimmers attacked on the sites which were hosted on Microsoft's IIS server running with the ASP.NET web application framework.

Several sports organizations, health, e-commerce websites etc. are affected by this attack and are identified running with ASP.NET version 4.0.30319, which is no longer officially supported by Microsoft. Now, these sites may contain multiple known/unknown vulnerabilities. According to the agency, skimmers might have obfuscated malicious code into one of their compromised JavaScript library.

The agency has also shared the names of skimmer hosting sites:

idpcdn-cloud[.]com
joblly[.]com
hixrq[.]net
cdn-xhr[.]com
rackxhr[.]com
thxrq[.]com
hivnd[.]net
31[.]220[.]60[.]108