Friday, December 6, 2024
HomeMalwareMagecart Threat Actors Using Highly Evasive Skimmer to Steal Credit Card Data

Magecart Threat Actors Using Highly Evasive Skimmer to Steal Credit Card Data

Published on

SIEM as a Service

Cybersecurity researchers at Cyble Research & Intelligence Labs have identified a tweet with a JavaScript skimmer that is mentioned by a security analyst on Twitter. 

The Magecart threat group has created this skimmer that mainly steals data related to payments from the Magento website, which is an e-commerce platform.

By exploiting the security flaws in the popular CMS, the operators of Magecart attack the Magento e-commerce websites. By doing so the attackers are able to inject malicious JavaScript into the source code of the website as a result of this exploit.

- Advertisement - SIEM as a Service

Data Involve

There is malicious code embedded in the checkout page and payment form of the compromised website which attempts to collect the following payment information:- 

  • Credit card number
  • Debit card number
  • Credit card owner’s name
  • Debit card  owner’s name
  • Credit CVV number
  • Debit CVV number
  • Credit card expiry date
  • Debit card expiry date

There is also a check written into the malicious code which determines that the data is in the right format and displays that information.

Magento Card-Skimming

An open-source e-commerce platform, Magento is completely based on PHP, and it’s a platform that facilitates the creation of e-commerce websites for programmers.

The Magento card skimming technique exploits vulnerabilities in Magento’s e-commerce software to steal credit cards from customers. While they do so, they are able to access the source code of the website.

According to the report, Once the threat actors have obtained access to the compromised website, they inject malicious JavaScript into it. By doing this, the threat actors track all the payment forms and checkout processes to steal customers’ financial data.

As soon as the JavaScript is executed, it checks for the presence of anti-skimmer features, which prevent the skimmer from detecting it. In this way, it is prevented from loading when the browser is using its dev tool at the same time.

A JavaScript file retrieves the payment information from the victim once they have entered it into the form. Thereafter, the POST method is used in order to send the Base64-encoded data through this method to the URL included in the script.

Recommendations

Following are some of the best cybersecurity practices that we believe to be essential:-

  • Consider using an anti-virus and internet security software package that has a reputable name in the industry.
  • The use of warez and torrent websites for downloading pirated software must be avoided.
  • Where possible, you should enforce multi-factor authentication in all areas of your business and use strong passwords.
  • Make sure you verify the authenticity of any links and email attachments before you open them. 
  • Make sure that employees are aware of what threats may exist, such as phishing websites and URLs that are untrusted.
  • Updating your operating system, applications, and devices is essential.
  • Ensure that URLs that are likely to be used for spreading malware, such as torrents and warez sites, are blocked.
  • In order to protect the data from being stolen by malware, you need to monitor the beacon at the network level.
  • On the employee’s systems, make sure that a Data Loss Prevention (DLP) Solution is enabled.

Download Free SWG – Secure Web Filtering – E-book

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Weaponized Word Documents Attacking Windows Users to Deliver NetSupport & BurnsRAT

The threat actors distributed malicious JS scripts disguised as legitimate business documents, primarily in...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...

New CleverSoar Malware Attacking Windows Users Bypassing Security Mechanisms

CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools...