Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

The Hacker News by The Hacker News
March 26, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananMar 26, 2026Malware / Web Security

Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls.

“Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data,” Sansec said in a report published this week.

The attack, which targeted a car maker’s e-commerce website, is said to have been facilitated by PolyShell, a new vulnerability impacting Magento Open Source and Adobe Commerce that allows unauthenticated attackers to upload arbitrary executables via the REST API and achieve code execution.

Notably, the vulnerability has since come under mass exploitation since March 19, 2026, with more than 50 IP addresses participating in the scanning activity. The Dutch security company said it has found PolyShell attacks on 56.7% of all vulnerable stores.

The skimmer is designed as a self-executing script that establishes a WebRTC peer connection to a hard-coded IP address (“202.181.177[.]177”) over UDP port 3479 and retrieves JavaScript code that’s subsequently injected into the web page for stealing payment information. 

The use of WebRTC marks a significant evolution in skimmer attacks, as it bypasses Content Security Policy (CSP) directives. 

“A store with a strict CSP that blocks all unauthorized HTTP connections is still wide open to WebRTC-based exfiltration,” Sansec noted. “The traffic itself is also harder to detect. WebRTC DataChannels run over DTLS-encrypted UDP, not HTTP. Network security tools that inspect HTTP traffic will never see the stolen data leave.”

Adobe released a fix for PolyShell in version 2.4.9-beta1 released on March 10, 2026. But the patch has yet to reach the production versions.

As mitigations, site owners are recommended to block access to the “pub/media/custom_options/” directory and scan the stores for web shells, backdoors, and other malware.



Source link

The Hacker News

The Hacker News

Next Post
GIGABYTE veröffentlicht die Z890 Plus Motherboards inklusive des Top-Modells Z890 AORUS ELITE DUO X mit CQDIMM-Unterstützung

GIGABYTE veröffentlicht die Z890 Plus Motherboards inklusive des Top-Modells Z890 AORUS ELITE DUO X mit CQDIMM-Unterstützung

Recommended.

GIGABYTE stellt auf der COMPUTEX 2026 unter dem Motto ENTER INFINITY das neue KI-Ökosystem und immersive Computererlebnisse vor

GIGABYTE stellt auf der COMPUTEX 2026 unter dem Motto ENTER INFINITY das neue KI-Ökosystem und immersive Computererlebnisse vor

May 28, 2026
Vect ransomware actually destructive wiper malware | Computer Weekly

Vect ransomware actually destructive wiper malware | Computer Weekly

April 28, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio