Monday, May 13, 2024

Magecart Hackers Hide Stolen Credit Card Data Into Images & Selling It in DarkWeb

By Balaji

A brand-new technique has been used by the hackers of the Magecart threat group recently to hide stolen credit card data in the images. 

In general, the threat actors of Magecart target the e-commerce websites, as their main motive is to steal credit card details. Once they are done with the stealing process, the threat actors sell the stolen data in the underground markets in Darkweb.

However, the experts opined that the threat actors usually obfuscate the malware code inside comment sections and encode the data into images that are hosted in the server.

Hacked Magento Website

The security analyst of Sucuri, Ben Martinone pronounced that they came to know about this hack when one of their clients got attacked by the threat actors of Magecart.

The victim came to the experts with an infected Magento e-commerce website and all the details of the credit card were being stolen. After a proper analysis, the experts have eliminated a huge amount of malware, that also contains six different types of Magento credit card swipers.

During the investigation, the researchers found that the threat actors are using a 7-year-old Magento version. And it might cost from $5,000 to $50,000 to relocate a Magento 1 website to the more secure Magento 2 website. 

Examination of a Credit Card Swiper

The initial way to analyze the credit card swiper is to use a base64 encoded string for encoding the malware. However, the experts claimed that there is another way to encode this malware rather than base64, that is the gzinflate.

According to the security analysts, gzinflate is one of the popular methods, because this supplies something that uses normal letters and numbers which could be transcribed on a keyboard easily.

After a proper analysis, the experts came to know that the threat actors are using “concatenation”, and it is quite a common obfuscation method that is encountered by the researchers.

Protect your website

Protection against this type of attack is one of the important things, and every user should know that how they can shield their website from this kind of attack; so, that’s why here we have mentioned below some security measures that are recommended by the experts:-

  • Always keep your website updated and keep installing the software as soon as possible.
  • Remember to use long complex passwords.
  • Always keep your workstations secure to manage your website.
  • Apply a reliable hosting environment.
  • Lock down your management panel with extra security measures.
  • Set your website behind a firewall to block further attacks.

Here, the main motive of the threat actors is to capture customers’ payment card information, and later saved it to a bogus style sheet file (.CSS) on the server and then download the whole data. 

So, the cybersecurity analysts have affirmed that every user must follow the step that is mentioned above, apart from this, the security researchers are trying their best to circumvent such attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Managed WAF Protection

Website

Latest articles

cyber security

Hackers Exploiting Vulnerabilities 50% Faster, Within 4.76 Days

Cybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than...
Artificial Intelligence

Hackers Moving To AI But Lacking Behind The Defenders In Adoption Rates

Hackers were actively exploiting the generative AI for cyber attacks; not only that, even...
Cyber Security News

PoC Released for Critical PuTTY Private Key Recovery Vulnerability

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the...
cyber security

HackCar – Attack AND Defense Playground For Automotive System

Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety...
Cyber Attack

DDoS Attack Size Increased by 233.33%, UDP-Based are Popular

The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in...
Cloud

New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers

Researchers have identified a new form of cyberattack termed "LLMjacking," which exploits stolen cloud...
Cyber Attack

HijackLoader Malware Attack Windows Via Weaponized PNG Image

In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware,...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]