Credit Card-Skimming Malware Found on Senate Republican Fundraising Site

A Dutch developer found credit card-stealing code on a site to raise funds for Republican senators, according to a report.

Developer Willem De Groot found code on the National Republican Senatorial Committee’s store that skimmed donors’ first and last names, email address, billing address, employer details, occupation, card type, card number, card expiration and security identification number, according to CSO Online.

NRSC’s site has been cleaned up, but De Groot estimates it was infected between March 16 and Oct. 5. The code sent the stolen data to various domains, including one hosted by Dataflow, a company associated with various illicit services like money laundering, spamming and phishing.

NRSC’s store is among roughly 5,900 e-commerce sites De Groot identified running one of nine variants of the malicious JavaScript code, which suggests multiple people or groups are involved, according to an Ars Technica report.