A credit card skimmer campaign goes after sites running Microsoft’s IIS servers with an outdated version of the ASP.NET framework. The skimmer triggers on credit card numbers or passwords, although the latter appears to be incorrectly implemented. All the compromised sites we identified had a shopping portal, and this is exactly what the attackers were after. The campaign has been active in the wild since mid-April, and is targeting websites hosted on Microsofts IIS server. The attackers can and will go after any victim when the opportunity is there.”]
Source: https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/

