Republican donor site malware skimmed credit cards for six months

There's bad news if you donated to Senate Republicans in the past six months: criminals have likely skimmed your credit card.

The storefront of the National Republican Senatorial Committee (NRSC) contained malware that siphoned off every credit card number that was entered since March.

The NRSC website was just one of 5,900 ecommerce sites targeted by the same criminal group.

News of the malware was first reported by Dutch security researcher Willem de Groot, who detailed on his blog how the attackers used vulnerabilities and weak passwords to inject the malware into the thousands of sites.

From there, the obfuscated JavaScript "wiretap" could siphon off card information to a collection server, where the data can be sold on the dark web for a going rate of $30 per card.

A little over just 630 stores have since been fixed, or about one-in-10, according to de Groot.

It's not known how many credit cards were taken in the attack, but estimates show that over 330,000 people may have visited the store in the past 30 days.

The malware isn't just prevalent, it's also persistent, going largely undetected for long periods of time. de Groot said that 754 stores that are skimming today have been since 2015.

What makes it difficult to notice is that the code is silently installed in a webpage's code, and to the untrained eye, looks like regular web code. And because the wiretap code runs on the page, rather than intercepting web traffic, it can run seamlessly over secure HTTPS pages, meaning the user is none the wiser to the malicious code.

"One reason that many hacks go unnoticed is the amount of effort spent on obfuscating the malware code," said de Groot. "Earlier malware cases contained pretty readable Javascript but in the last scan more sophisticated versions were discovered. Some malware uses multi-layer obfuscation, which would take a programmer a fair bit of time to reverse engineer."

A phone call to the NRSC went unanswered Tuesday.

ZDNET INVESTIGATIONS

Researchers say a breathalyzer has flaws, casting doubt on countless convictions

Lawsuits threaten infosec research — just when we need it most

NSA's Ragtime program targets Americans, leaked files show

Leaked TSA documents reveal New York airport's wave of security lapses

US government pushed tech firms to hand over source code

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

198 million Americans hit by 'largest ever' voter records leak

Britain has passed the 'most extreme surveillance law ever passed in a democracy'

Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

• Researchers say a breathalyzer has flaws, casting doubt on countless convictions
• Lawsuits threaten infosec research — just when we need it most
• NSA's Ragtime program targets Americans, leaked files show
• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance