Hackers are using a zero-day exploit with Magento – A Vulnerability to Steal Your Credit Cards

BlackHat Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay.
Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data.
Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers.
Credit Card Stealers?
Now, Sucuri senior malware researcher Peter Gramantik have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt.
Moreover, to evade detection, the attack tool includes a nice little purge function that wipes trails clean and masks user agents.

The sad part is that you will not know it’s affecting you until it’s too late, Gramantik wrote “in the worst cases it will not become apparent until they appear on your bank statements.

Gramantik says he detected several slightly different variants, but the inclusion of PUBLIC_KEY variable indicates the malware author is likely behind a family of credit card stealers.
Attackers store the billing information in the fake image file which is defined at the beginning of the script. Furthermore, the attackers modify the creation timestamp of the image file and add a fake JPEG header.
What’s clever about this method?
Coincidentally, if anyone tries to load this “image” file via the web browser, “all the visitor would see is the broken image” and nothing more.
However, the cybercrook can download the complete “image” file and decrypt the stolen data using Public Key in an attempt to siphon all the billing information processed by the Magento e-commerce website.
With Alexa top one million e-commerce websites using it, Magento has become a valuable target for attackers. Two months ago, cyber criminals were using Magento e-commerce website to send credit card details submitted by its customer amid checkout procedure to a third-party malicious site controlled by attackers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s