Magento | Popular E- Commerce | Hacking


magento-hacking

Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data.

Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay.

Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers.
Credit Card Stealers?

Moreover, to evade detection, the attack tool includes a nice little purge function that wipes trails clean and masks user agents.
"The sad part is that you will not know it's affecting you until it's too late, Gramantik wrote in a blog post, "in the worst cases it will not become apparent until they appear on your bank statements."
Gramantik says he detected several slightly different variants, but the inclusion of PUBLIC_KEY variable indicates the malware author is likely behind a family of credit card stealers.

Attackers store the billing information in the fake image file which is defined at the beginning of the script. Furthermore, the attackers modify the creation time stamp of the image file and add a fake JPEG header.

What's clever about this method?

Coincidentally, if anyone tries to load this "image" file via the web browser, "all the visitor would see is the broken image" and nothing more.

However, the cybercrook can download the complete "image" file and decrypt the stolen data using Public Key in an attempt to siphon all the billing information processed by the Magento e-commerce website.

#magento#creditcardinformation#e-commerce#stolen#hacking#hacktolearn

Comments

Popular posts from this blog

The power of Bluetooth 4.0

How to hack your xbox 360 completely

Wii Remote IR Camera Hack with Arduino Interface