A brand-new technique has been used by the hackers of the Magecart threat group recently to hide stolen credit card data in the images.
In general, the threat actors of Magecart target the e-commerce websites, as their main motive is to steal credit card details. Once they are done with the stealing process, the threat actors sell the stolen data in the underground markets in Darkweb.
However, the experts opined that the threat actors usually obfuscate the malware code inside comment sections and encode the data into images that are hosted in the server.
The security analyst of Sucuri, Ben Martinone pronounced that they came to know about this hack when one of their clients got attacked by the threat actors of Magecart.
The victim came to the experts with an infected Magento e-commerce website and all the details of the credit card were being stolen. After a proper analysis, the experts have eliminated a huge amount of malware, that also contains six different types of Magento credit card swipers.
During the investigation, the researchers found that the threat actors are using a 7-year-old Magento version. And it might cost from $5,000 to $50,000 to relocate a Magento 1 website to the more secure Magento 2 website.
The initial way to analyze the credit card swiper is to use a base64 encoded string for encoding the malware. However, the experts claimed that there is another way to encode this malware rather than base64, that is the gzinflate.
According to the security analysts, gzinflate is one of the popular methods, because this supplies something that uses normal letters and numbers which could be transcribed on a keyboard easily.
After a proper analysis, the experts came to know that the threat actors are using “concatenation”, and it is quite a common obfuscation method that is encountered by the researchers.
Protection against this type of attack is one of the important things, and every user should know that how they can shield their website from this kind of attack; so, that’s why here we have mentioned below some security measures that are recommended by the experts:-
Here, the main motive of the threat actors is to capture customers’ payment card information, and later saved it to a bogus style sheet file (.CSS) on the server and then download the whole data.
So, the cybersecurity analysts have affirmed that every user must follow the step that is mentioned above, apart from this, the security researchers are trying their best to circumvent such attacks.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Some router models have identified a security vulnerability that allows attackers to bypass authentication. To exploit this vulnerability, an attacker…
Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes…
DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with…
Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine.…
In a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems…
A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which utilized SSLoad malware for its operations…