1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Online shoppers beware - even 404 pages can steal your card data

    From TechnologyDaily@1337:1/100 to All on Tue Oct 10 15:15:04 2023
    Online shoppers beware - even 404 pages can steal your card data now

    Date:
    Tue, 10 Oct 2023 14:58:34 +0000

    Description:
    Popular retail sites compromised with Magecart, with the code hiding in the 404 pages.

    FULL STORY ======================================================================

    Cybersecurity researchers from Akamai have discovered a new and somewhat creative way hackers were hiding credit card skimmers on ecommerce websites.

    Usually, hackers hide malicious code somewhere on the checkout page and steal sensitive payment information (credit card numbers, full names, expiration dates, etc.) during the purchase process.

    In this case, however, Akamai found the malicious code hiding in a sites 404 page. Innovative approach

    Virtually every website on the internet has a 404 page - its displayed when a visitor tries to view a website that doesnt exist, either because the link is broken, the page was moved, or similar. Some pages (mostly Magento and WooCommerce sites), including a few belonging to renowned organizations in
    the food and retail sectors, have had these 404 pages compromised with card-stealing code known as Magecart, something that was never seen before, Akamai claims.

    "This concealment technique is highly innovative and something we haven't
    seen in previous Magecart campaigns," Akamai said in its report . "The idea
    of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion."

    Even Akamais researchers did not spot the malware at first, thinking the skimmer was inactive, or that the hackers made a mistake while configuring
    it.

    "We simulated additional requests to nonexistent paths, and all of them returned the same 404 error page containing the comment with the encoded malicious code," the researchers said. "These checks confirm that the
    attacker successfully altered the default error page for the entire website and concealed the malicious code within it!"

    Akamais researchers also spotted two additional campaigns, one in which the attackers tried to hide the code in the HTML image tags onerror attribute,
    and one in which an image binary was tweaked to make it seem as if its the Meta Pixel code snippet.

    Via BleepingComputer More from TechRadar Pro One of the most popular WordPress plugins has a serious security flaw Here's a list of the best firewalls today These are the best ID theft protection solutions at the moment



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/online-shoppers-beware-even-404-pages-c an-steal-your-card-data-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)