Lost in the Ether: Unravelling a JavaScript Card Skimming Campaign | Trinity Cyber
ID: b9053c55-2c5a-5087-8fc8-34a29536aab0
STIX ID: report--b9053c55-2c5a-5087-8fc8-34a29536aab0
Feed Name: Trinity Cyber Blog
This report explains an active and sophisticated payment-skimming campaign dubbed “EtherHiding”. Attackers inject a small obfuscated JavaScript loader into legitimate e-commerce sites, retrieve additional obfuscated loaders from smart contracts on the Binance Smart Chain, perform anti-analysis checks, and stream a Magecart-style skimmer over WebSockets to capture and exfiltrate credit card data and credentials. The use of blockchain hosting, heavy obfuscation, and in-browser operation increases persistence, evasion, and takedown resistance. Trinity Cyber recommends Full Content Inspection to block such threats.
