// THREAT DETECTION AND DATA PRIVACY TERM

Formjacking

Formjacking is a type of cyberattack where criminals inject malicious code, usually JavaScript, into legitimate website forms, often on e-commerce sites, to steal sensitive data entered by users. This typically includes credit card numbers, personal information, and login credentials, which are captured as the user types them.

TECHNICAL DEFINITION

Formjacking is a client-side web attack where malicious JavaScript is injected into legitimate web forms, frequently targeting e-commerce payment pages, to surreptitiously intercept and exfiltrate sensitive user input such as credit card details, PII, and login credentials directly from the user's browser before submission to the server.

SYNONYMS & ALIASES

  • Web skimming
  • Magecart attack
  • E-skimming
  • Client-side skimming
  • Digital skimming

USAGE NOTE

This threat specifically targets the client side of web applications, so detecting and mitigating it requires robust content security policies and continuous client-side monitoring.

DEVELOPERS

Organizations developing technology related to Formjacking.

  • Sansec

    Specializes in e-commerce security, providing real-time detection and removal of web skimmers and formjacking malware on online stores.

  • Source Defense

    Offers client-side security solutions that prevent malicious script injections and control third-party script behavior to stop formjacking and web skimming attacks.

  • HUMAN Security

    Provides bot mitigation and client-side protection solutions that detect and block sophisticated attacks like web skimming and formjacking, securing web applications. (Previously PerimeterX.)

  • Imperva

    Delivers web application and API protection (WAAP) and client-side security that helps prevent formjacking by detecting and blocking malicious code injection and data exfiltration.

  • Akamai Technologies

    Offers comprehensive web application and API security, including client-side protection and bot management, to defend against formjacking and other web-based attacks.

  • Cloudflare

    Provides web application firewall (WAF), bot management, and client-side security products that help detect and mitigate formjacking attempts by monitoring and controlling website scripts.

  • Sucuri

    Offers website security services, including malware detection and removal, and a web application firewall, to protect websites from formjacking and other attacks.
