Ethical Hacking News
A new vulnerability in the WebRTC protocol has been discovered, allowing malicious actors to bypass traditional security controls and steal sensitive payment data. The attackers use a WebRTC skimmer that creates a connection with an attacker's server using encrypted DataChannels, making it challenging for security teams to detect and mitigate the threat.
The discovery marks a significant escalation in the threat landscape, as this new type of skimmer is able to infiltrate websites and exfiltrate sensitive information with ease. It is essential for organizations to stay vigilant and implement robust security measures to protect themselves against this new type of attack.
- Researchers have discovered a new vulnerability in the WebRTC protocol, allowing malicious actors to bypass traditional security controls and steal sensitive payment data.
- A new type of skimmer using WebRTC data channels has been found to exploit vulnerabilities in Magento and Adobe Commerce platforms to transmit stolen payment data.
- The attack exploits a vulnerability in the PolyShell plugin, which allows attackers to upload malicious files without authentication.
- The WebRTC skimmer creates an encrypted connection with an attacker's server, bypassing traditional web controls and security policies.
- The payload can steal sensitive data such as payment information by injecting code into the page during browser idle time.
- The attack is difficult to detect using standard network security tools, making it challenging for security teams to identify and mitigate the threat.
Researchers have made a groundbreaking discovery that exposes a new vulnerability in the WebRTC protocol, which is being exploited by malicious actors to bypass traditional security controls and steal sensitive payment data. This development marks a significant escalation in the threat landscape, as WebRTC skimmers are now able to infiltrate websites and exfiltrate sensitive information with ease.
The researchers, from Sansec, have been tracking a new type of skimmer that uses WebRTC data channels to load malicious code and transmit stolen payment data. Unlike traditional skimmers, which rely on HTTP requests or image beacons to execute their payloads, this new type of skimmer utilizes the WebRTC protocol's encryption and secure communication features to evade detection.
According to the researchers, the attack exploits a vulnerability in the PolyShell plugin for Magento and Adobe Commerce platforms, which allows attackers to upload malicious files and execute code without authentication. The exploit was discovered by scanning over 50 IP addresses and affects more than half of vulnerable stores.
The WebRTC skimmer creates a connection with a hardcoded attacker server using an encrypted DataChannel, bypassing traditional web controls. This connection is established locally, avoiding the need for a signaling server, and directly connects to the attacker's IP address over a secure UDP port. Once connected, the payload receives malicious JavaScript in chunks, stores it, and executes it when the connection closes or after a short delay.
To further evade defenses, the skimmer steals a valid Content Security Policy (CSP) nonce from existing scripts and uses it to inject the payload, bypassing strict security policies. If that fails, it falls back to other execution methods. The payload runs quietly during browser idle time, reducing detection risk, and enables attackers to inject code into the page to steal sensitive data such as payment information.
The researchers have pointed out that the traffic transmitted by WebRTC DataChannels is difficult to detect using standard network security tools, which inspect HTTP traffic alone. This makes it challenging for security teams to identify and mitigate the threat in a timely manner.
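Because the DataChannel traffic is hard to inspect on the wire, defenders can instead review the script content a store serves. The following is an added example, not code from Sansec or from the original article: a static heuristic that flags scripts combining a DataChannel with a hardcoded SDP peer or CSP nonce harvesting, the traits described above. The indicator names, weights, and both sample inputs are constructed assumptions.

```javascript
// Static heuristic for the skimmer traits described in the article.
// Indicator ids and weights are assumptions chosen for illustration.
const INDICATORS = [
  { id: "peer-connection", weight: 1, re: /\bRTCPeerConnection\b/ },
  { id: "data-channel", weight: 1, re: /\b(?:createDataChannel|ondatachannel)\b/ },
  // A literal IP in an SDP candidate or connection line means the peer is
  // hardcoded in the script rather than negotiated through a signaling server.
  { id: "hardcoded-sdp-peer", weight: 3,
    re: /(?:a=candidate:[^\n"'`]*?\budp\b[^\n"'`]*?|c=IN IP4 )(?:\d{1,3}\.){3}\d{1,3}/i },
  // Reading a nonce from an existing script tag in order to reuse it.
  { id: "nonce-harvest", weight: 2,
    re: /script\[nonce\]|\.nonce\b|getAttribute\(\s*["']nonce["']\s*\)/ },
  { id: "idle-execution", weight: 1, re: /\brequestIdleCallback\b/ },
];

function scanScript(source) {
  const hits = INDICATORS.filter((i) => i.re.test(source));
  const ids = hits.map((i) => i.id);
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  // WebRTC alone is legitimate (chat, video); flag only the combination.
  const channel = ids.includes("peer-connection") && ids.includes("data-channel");
  const suspicious = channel &&
    (ids.includes("hardcoded-sdp-peer") || ids.includes("nonce-harvest"));
  return { suspicious, score, indicators: ids };
}

// Constructed, inert fragments (TEST-NET address, made-up port); not a working script.
const SAMPLE_SUSPECT = [
  "var pc = new RTCPeerConnection();",
  "var ch = pc.createDataChannel('c');",
  "var sdp = 'a=candidate:1 1 udp 2113937151 203.0.113.7 40000 typ host';",
  "var n = document.querySelector('script[nonce]');",
].join("\n");

// Constructed benign fragment: peer details arrive through a signaling channel.
const SAMPLE_BENIGN = [
  "const pc = new RTCPeerConnection({ iceServers });",
  "pc.createDataChannel('chat');",
  "signaling.onmessage = (m) => pc.setRemoteDescription(m.answer);",
].join("\n");

console.log(scanScript(SAMPLE_SUSPECT));
console.log(scanScript(SAMPLE_BENIGN));
```

A hit is a prompt for manual review of the script and where it is loaded from, not a verdict; minified or obfuscated code can hide these strings.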
In conclusion, the discovery of WebRTC skimmers represents a significant shift in the threat landscape, as attackers are now able to bypass traditional security controls and exploit vulnerabilities in popular platforms to steal sensitive payment data. It is essential for organizations to stay vigilant and implement robust security measures to protect themselves against this new type of attack.
Related Information:
https://www.ethicalhackingnews.com/articles/Rise-of-WebRTC-Skimmers-A-New-Threat-to-Payment-Security-ehn.shtml
https://securityaffairs.com/190002/malware/researchers-uncover-webrtc-skimmer-bypassing-traditional-defenses.html
https://securereading.com/webrtc-skimmer-csp-bypass-ecommerce/
https://thehackernews.com/
Published: Thu Mar 26 08:42:04 2026 by llama3.2 3B Q4_K_M