Formjacking

Malware Profile Updated 13 days ago
Download STIX
Preview STIX
Formjacking is a type of malware attack that targets online forms to steal users' sensitive information. As server-side security has improved, hackers have shifted their focus to more vulnerable points, including third-party services and connections within an application's infrastructure. Formjacking attacks involve infecting a web form via a third-party provider, often leading to the theft of user data such as banking details, ID numbers, addresses, or credit card numbers. This method of cyberattack has seen a significant increase, with one source reporting a 78% rise and two-thirds of companies experiencing a supply chain attack. Several notable incidents highlight the severity of formjacking attacks. In 2018, hackers exploited this technique to collect payment card data from 380,000 British Airways customers by embedding malicious scripts on the baggage claim information page of the airline’s website. The scripts captured data entered by visitors and relayed it back to the hackers’ server. In California in 2022, a single formjacking attack on a third-party plugin led hundreds of restaurant websites to lose tens of thousands of customer records, demonstrating the wide-reaching impact of these attacks. The most massive formjacking attack occurred in January 2023 when one of Canada’s largest beverage retailers fell victim. Despite the organization's best efforts to protect their application environments and customers' personal data, the information users entered on the browser side was exposed to third-party services embedded in their applications. To combat this rising threat, organizations are turning to real-user behavioral detection technology, which protects websites from JavaScript threats such as web skimming, formjacking, and Magecart attacks. These technologies represent a crucial step forward in securing user data and maintaining trust in digital platforms.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Formjacking Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
8 months ago
The application supply chain exposed
CERT-EU
5 months ago
Open banking must step up its fraud prevention
CERT-EU
4 months ago
The costs of cybercrime: $45 billion - Panda Security Mediacenter
CERT-EU
8 months ago
Akamai Vs. Cloudflare WAF