iTnews

Card skimming raids plague online stores

By Juha Saarinen on Jun 29, 2020 11:44AM

Quick and lucrative.

Online criminals continue to target web stores with credit card information skimmers as these represent rich and easy pickings, according to Malwarebytes' director of threat intelligence Jérôme Segura.

Segura told iTnews the security vendor is seeing about a dozen online stores a day getting hacked and having a skimmer that steals payment details added.

It recently discovered a compromised merchant site using the popular WooCommerce plugin for WordPress, on which malicious code had been appended to a legitimate script.

Analysing the code, Malwarebytes found that the site would load a favicon.ico file with the merchant's logo from a server hosted by a company with a United Arab Emirates physical address.

Malwarebytes analysts found skimmer JavaScript code inserted into the metadata headers of the favicon.ico image file.

This is not the first time malicious code has been injected into header fields in image files, but Malwarebytes believes it's the first time the technique has been used to deploy a skimmer.

Once the JavaScript had executed and captured user payment form data such as name, billing address and credit card details, it would encode the stolen information with Base64 and send the data to the criminals as an image file.

The criminals left a complete skimmer toolkit on a compromised host; Malwarebytes found and examined it, and identified connections to a Magecart group.

Magecart is skimmer malware that has targeted Adobe's Magento e-commerce software over the past few years.

Segura said that regardless of the content management system (CMS) being used, proper patch management and hardening are necessary.

"Most incidents occur because a known vulnerability is found and exploited," Segura said.

Big brands and small stores are being hit by the hackers, with most activity being in the United States, but other countries are also affected, Malwarebytes has found.

The attacks are financially motivated, with mostly automated scans being used to identify vulnerable sites, Segura explained.

"We’ve heard about websites getting hacked for years and with various intents.

"Credit card skimming is probably one of the most lucrative schemes right now, so attackers are spending more efforts and attention on e-commerce sites instead of other CMS platforms," he said.
