U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Magento payment card stealers are being used in the wild

The security researchers at Sucuri firm discovered a malicious code that could be used to steal payment card data from Magento platform. Security experts at Sucuri have uncovered a new method used by criminals to syphon payment card data from websites based on the Magento e-commerce Platform. Researchers explained that attackers can collect any data submitted […]

Magento 2.3.4

The security researchers at Sucuri firm discovered a malicious code that could be used to steal payment card data from Magento platform.

Security experts at Sucuri have uncovered a new method used by criminals to syphon payment card data from websites based on the Magento e-commerce Platform.

Researchers explained that attackers can collect any data submitted by a user to Magento stealing credit card data. Peter Gramantik, a senior malware researcher at Sucuri, explained that criminals are able to inject a malicious code into Magento to steal payment card data, but it’s still unclear how they do it.

magento5

The attackers are able to collect all the POST requests, parse them with the malicious code that collect payment card information, and encrypt them with a public encryption key.

“It seems though that the attacker is exploiting a vulnerability in Magento core or some widely used module/extension,” wrote Gramantik. “If the structure of the POST parameters match, the attacker stores them all — nothing more, but nothing less,” Gramantik wrote. “They’ve got all the billing details processed by the infected site.”

The stolen payment card data is then saved in a fake image file that the attacker can download and decrypt later.

$y0 = ‘/home/cloudpanel/htdocs/www.site_name_removed.ca/skin/adminhtml/default/default/images/icon_feed_bg.gif';

“Now they have all the billing information processed by the Magento e-commerce website,” he wrote. “It’s all nicely packed, formatted and collected.”

The researchers have spotted a sample of the malicious code used to steal data from Magento by injecting code into the Magento’s Checkout Module. In the sample analyzed by the Sucuri, the payment card data is collected before a transaction is processed than is sent in plain text via email back to the attacker.

“The code is pretty clear – it’s a simple mailer. It doesn’t modify the data, just steals them “in the middle” of the transaction processing so that it’s not detected. All the data which should be secured is sent in a plaintext form to the attacker’s email.” states Sucuri.

The experts highlight that attackers have a deep knowledge of the Magento platform.

“The attacker knows how the module works and the code it’s built on; all he needed to do was use the module’s own variable in which all the sensitive data is stored unprotected.” said Gramantik.

The problem resides in the way Magento handles payment data, despite it encrypts the information there is “a very short period of time when Magento handles sensitive customer information in an unencrypted format,” states a blog post written by Sinegubko.

Be aware, Magento payment card stealers are being used in the wild.

Pierluigi Paganini

(Security Affairs – Magento,  cybercrime)