The Good Tech Companies - SecurityMetrics Uncovers a Global E-Skimming Operation Targeting Nearly 700 E-Commerce Sites
Episode Date: May 24, 2026
This story was originally published on HackerNoon at: https://hackernoon.com/securitymetrics-uncovers-a-global-e-skimming-operation-targeting-nearly-700-e-commerce-sites. ... SecurityMetrics uncovered a 693-site e-skimming campaign using fake Stripe forms, Cloudflare masking, and multi-channel data theft infrastructure. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #pci-compliance, #penetration-testing, #e-skimming, #card-skimming-malware, #securitymetrics, #mutationobserver-malware, #cloudflare-abuse, #good-company, and more. This story was written by: @pr-securitymetrics. Learn more about this writer by checking @pr-securitymetrics's about page, and for more stories, please visit hackernoon.com. Affecting nearly 700 websites, this e-skimming operation was designed to evade detection and impersonate legitimate payments through multiple redundant channels. Notably, it doesn't simply steal data, but it identifies victims and sorts stolen credentials by merchants.
Transcript
This audio is presented by HackerNoon, where anyone can learn anything about any technology.
SecurityMetrics Uncovers a Global E-Skimming Operation Targeting Nearly 700 E-Commerce Sites
by PR SecurityMetrics.
Orem, Utah, May 26, 2026. SecurityMetrics forensic experts discovered an e-skimming operation
spanning across 693 e-commerce websites.
Using proprietary forensic investigation tools, they linked these disparate attacks to a single
infrastructure fingerprint. This e-skimming operation is designed to evade detection, to impersonate
legitimate payment forms, and to exfiltrate stolen card data through multiple redundant channels.
The campaign is characterized by a deliberate infrastructure with rapid domain rotation and low cost per domain.
All 693 malicious domains share a specific registration profile:
The TLD: registered under the .top generic TLD.
The registrar: NiceNIC International Group Co., Limited (IANA number 3765), headquartered in Hong Kong.
The mask: all domains resolve through Cloudflare nameservers, giving them the performance benefits
and IP masking properties of a legitimate CDN.
The forensic analyst team at SecurityMetrics revealed several high-level functions that separate
this kit from run-of-the-mill malware, including its:
1. Anti-analysis and DevTools detection
2. Form interception
3. Stripe impersonation
4. DOM surveillance via MutationObserver
5. Multichannel data exfiltration
6. Clipboard hijacking
7. Data payload structure

"This threat actor campaign isn't just stealing data, it's identifying victims. The exfiltrated data object includes the
user's browser agent and the compromised site's origin, allowing the operator to sort
stolen credentials by merchant," said Aaron Willis, VP of forensic investigations at SecurityMetrics.

E-commerce website merchants can protect against this type of attack by using tools like
SecurityMetrics Shopping Cart Monitor, which automatically searches for e-skimming software
maliciously installed on websites. In a landscape where
attackers are using professional grade infrastructure, you need forensic grade protection. SecurityMetrics
consistently monitors and discovers data trends, like this e-skimming operation, so their
customers can rest assured their data is protected.

To find out more about the technical nature of this attack, visit
https://www.securitymetrics.com/blog/securitymetrics-uncovers-700-site-global-skimming-operation

About SecurityMetrics
SecurityMetrics secures peace of mind for organizations that handle sensitive data.
From local shops to some of the world's largest brands, SecurityMetrics helps businesses
achieve data security with penetration testing, vulnerability.
CABANLANALIS, security consulting, managed services and compliance mandates (PCI, CMMC, HIPAA, GDPR, HITRUST).
SecurityMetrics is a PCI-certified Approved Scanning Vendor (ASV), Qualified Security Assessor (QSA),
Certified Forensic Investigator (PFI), CMMC-certified Registered Provider Organization (RPO),
and Managed Security Provider with over 25 years of data
security experience. They have tested over 100 million systems for data security and compliance.
They are privately held and headquartered in Orem, Utah, where they maintain a Security
Operations Center (SOC) and 24/7 multilingual technical support. For press inquiries, email
pr@securitymetrics.com. Social: LinkedIn, X, FB, Instagram, YouTube: @securitymetrics.
Thank you for listening to this HackerNoon story, read by artificial intelligence.
Visit hackernoon.com to read, write, learn and publish.
