Cybersecurity researchers at Jscrambler reported a new skimming attack exploiting the Stripe API to steal payment information from e-commerce sites. The method involves injecting malicious JavaScript into checkout pages to capture customer payment details in real-time before they reach Stripe's processing system. This technique poses significant risks to online merchants, with 49 compromised businesses identified so far. To mitigate risks, businesses should monitor for unexpected changes in JavaScript, network requests, and implement real-time webpage monitoring and secure iFrame solutions.
https://www.infosecurity-magazine.com/news/stripe-api-skimming-campaign-new/