Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Vietnam Launches NDAChain, the National Blockchain Platform to Acceler...
Elitery a Pioneering MSSP Partner for Google Cloud’s “Indo...
Asia Pacific’s Mobile Sector Adds $950 Billion to GDP; On Track ...
PT Kereta Api Indonesia announces nationwide email and communication o...
Will governments assert stronger oversight over tech giants deemed as ...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      The rising threats and business risks of machine identities

      The rising threats and business risks of machine identities

      Tuesday, July 22, 2025, 12:19 PM Asia/Singapore | Features, IoT Security
    • Featured

      The future of AI-powered cybersecurity

      The future of AI-powered cybersecurity

      Monday, July 21, 2025, 4:04 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Thursday, July 10, 2025, 4:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      The rising threats and business risks of machine identities

      The rising threats and business risks of machine identities

      Tuesday, July 22, 2025, 12:19 PM Asia/Singapore | Features, IoT Security
    • Featured

      The future of AI-powered cybersecurity

      The future of AI-powered cybersecurity

      Monday, July 21, 2025, 4:04 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Transcending digital disruption: How financial institutions can integrate innovation, security, and agility

      Thursday, July 10, 2025, 4:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
News

Sophisticated web skimming campaign exploits OpenCart sites with covert fake payment forms

By CybersecAsia editors | Friday, July 18, 2025, 2:06 PM Asia/Singapore

Sophisticated web skimming campaign exploits OpenCart sites with covert fake payment forms

Attackers are using advanced web skimming and script injection to phish sensitive financial information from online shoppers in East Asia.

A newly identified cyberattack is actively targeting e-commerce platforms across East Asia that use the OpenCart content management system, according to fresh threat intelligence emerging this week.

Security researchers have detected a campaign that injects a malicious fake credit card form into checkout pages of compromised online stores, allowing attackers to harvest users’ payment information when filling out transaction details.

Unlike generic malware or standard Magecart (web skimming) operations, this campaign is notable for its technical sophistication and evasiveness. The malicious script disguises itself as a Google Analytics integration, and is deeply obfuscated: it leverages advanced code techniques such as dynamic evaluations and input masking. Rather than deploying a general-purpose keylogger or clipboard sniffer, the attack focuses specifically on capturing only payment form data entered manually by shoppers, reducing its detectable footprint.

The fake form is designed to blend in with the online retailer’s existing user interface and sits hidden among legitimate third-party scripts, making it difficult for store owners to spot. Payment data, including card numbers and subsequent banking details, is validated by the injected form before being instantly exfiltrated to attacker-controlled infrastructure.

Analysis has linked the backend command-and-control communications to domains including ultracart[.]shop and hxjet[.]pics.

Security analysts have confirmed operational use of exfiltrated card data in real-world fraudulent transactions occurring weeks after victims’ initial purchases, indicating the attackers’ ongoing and persistent access to fresh financial data.

Unlike other skimming operations that indiscriminately collect data, this group’s measured approach allows them to avoid detection for extended periods.

Disclosure of this campaign, along with technical indicators of compromise and decoded payloads, was made by security researcher Himanshu Anand, c/side, whose team had observed the malicious scripts and traced the attacker infrastructure.

Standard defense measures include monitoring and blocking suspicious scripts, enforcing PCI DSS, detecting form changes, and updating domain threat lists promptly.

Share:

PreviousSurvey of SMEs reveals most feel ready for cyber incidents, but few meet advanced security standards
NextOperationalizing sustainability in cybersecurity: Group-IB’s approach

Related Posts

Name a key misconception about cloud data management that has persisted for four years

Name a key misconception about cloud data management that has persisted for four years

Monday, March 13, 2023

Why cybercriminals time their attacks during certain periods of the year

Why cybercriminals time their attacks during certain periods of the year

Tuesday, March 5, 2024

Three-year review of credential theft unveils two hot spots

Three-year review of credential theft unveils two hot spots

Friday, March 1, 2024

No time for complacency: Seven IT trends in 2022 you should care about

No time for complacency: Seven IT trends in 2022 you should care about

Thursday, January 13, 2022

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • Operationalizing sustainability in cybersecurity: Group-IB’s approach

    Operationalizing sustainability in cybersecurity: Group-IB’s approach

    See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more
  • Thai government expands secure email management to close cybersecurity gaps

    Thai government expands secure email management to close cybersecurity gaps

    New measures address cybersecurity gaps in public sector communications, deploying advanced protections and operational support …Read more
  • How Iress optimized global DevSecOps

    How Iress optimized global DevSecOps

    Scaling compliance, security & efficiency – while seamlessly migrating to the cloud – with JFrog.Read more
  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.