WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

2026-03-26

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A new payment skimmer leveraging WebRTC data channels has been discovered targeting e-commerce sites, effectively bypassing Content Security Policy controls.

•Instead of HTTP requests or image beacons, the malware uses WebRTC data channels to load its payload and exfiltrate stolen payment data
•The attack exploits PolyShell, a vulnerability in Magento Open Source and Adobe Commerce that allows unauthenticated attackers to upload executables via the REST API
•PolyShell has been under mass exploitation since March 19, 2026, with 56.7% of vulnerable stores affected across 50+ scanning IP addresses
•WebRTC traffic runs over DTLS-encrypted UDP, making it invisible to HTTP-based network security tools and bypassing strict CSP directives
•

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture