Tuesday , January 19 2021
Home / News / Web malware used to steal card data from e-commerce websites
Web malware used to steal card data from e-commerce websites

Web malware used to steal card data from e-commerce websites

A campaign which cyber criminals have been attacking the various e-commerce websites online has been noticed by the security researchers. The hackers are trying to steal the payment card and sensitive information of the e-commerce sites which would have been given by the customers.

The campaign is known as the Magecart campaign and it was discovered by the cloud-based security solutions firm, RiskIQ. It is believed the campaign was seen back in March 2016 and it still active up to now. Some of the attacks are known to be aimed at the Magento sites and have been detailed by the security firm, Sucuri.

However, RiskIQ said that the attackers were also targeting some of the other platforms also, which included the Powerfront CMS and OpenCart. The list also includes Braintree and VeriSign, if you are going to picture the targeted payment processing services.

RiskIQ identified more than a 100 inline shops which were hacked from around the world as part of the Magecart campaign and the list also included those that belong to some well-known book publishers, some fashion companies, and some various sporting equipment manufacturers. The cyber attackers are also believed to have attacked one gift shop in the UK which specializes in cancer research.

There was a Java script code which when injected to the websites would capture the information which was entered by the users into their purchase forms. The hackers then acted like the man in the middle between the victim and the checkout page. In some more cases, the malware would add some fake form fields to the page which would be used to try and trick the potential victims into giving even more information that might be lucrative to the hackers. The data would then be exfiltrated over HTTPS to one server which is under the control of the attacker.

If the attackers loaded the keylogger from the external source instead of injecting the keylogger straight into the compromised website, attackers would be able to update their malware without any need to reinfect the site.

RiskIQ says that the campaign actually peaked back in June after the cyber attackers started using the Eastern European bulletproof hosting company so that they could store the domains which serve the malware. In some of the most recent attacks, the researchers noticed some additional obfuscated script injections.

About Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of SpyAdvice.com, too, a site dedicated to educating people on online privacy and spying.

Check Also

Unblock Facebook at School

Russia to Target Facebook After Attack on Telegram

Following the mass-blocking of millions of IP addresses in the battle against Telegram, Roskomnadzor, the …

Leave a Reply

Your email address will not be published. Required fields are marked *