1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Ecommerce sites targeted by Magento payment system hack

    From TechnologyDaily@1337:1/100 to All on Wed Jul 24 17:00:06 2024
    Ecommerce sites targeted by Magento payment system hack

    Date:
    Wed, 24 Jul 2024 16:52:24 +0000

    Description:
    Hackers were seen using swap files to persist on ecommerce websites to steal credit card data.

    FULL STORY ======================================================================

    A creative technique involving so-called swap files is being used to deploy persistent credit card skimmers on compromised Magento ecommerce sites, a new report from cybersecurity researchers Sucuri has warned.

    "When files are edited directly via SSH the server will create a temporary 'swap' version in case the editor crashes, which prevents the entire contents from being lost," the researchers explained.

    "It became evident that the attackers were leveraging a swap file to keep the malware present on the server and evade normal methods of detection." Swap files and fake Amazon domains

    In order to create the temporary swap version, the attacker first needs
    access to the Magento site. For this particular instance, it wasnt known how the threat actors gained access, but its safe to assume it was either done
    via phishing, or through brute-force or credential stuffing attacks.

    Furthermore, using swap files was just one of many ways the attackers ensured persistence on the site, the researchers further explained. The data stolen with the skimmer was being sent to a domain named amazon-analytic[.]com, registered in February 2024.

    "Note the use of the brand name; this tactic of leveraging popular products and services in domain names is often used by bad actors in an attempt to evade detection," the researchers explained. They added that the same domain was seen in other credit card theft attacks, as well.

    As a result, the skimmer survived multiple cleanup attempts, and was exfiltrating sensitive data such as peoples names, addresses, credit card numbers, and other data needed to use the cards elsewhere.

    The name of the compromised website is unknown. We also dont know how long it was compromised, or how many people have had their data stolen this way. We also dont know if the data was already used anywhere, either to make fraudulent purchases, or sold on the dark web. Some criminals use stolen credit card data to purchase malicious ad campaigns, which are often seen on Google, Facebook, LinkedIn, and other popular sites.

    Via The Hacker News More from TechRadar Pro Online stores are being hijacked with fake forms to steal credit card details Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ecommerce-sites-targeted-by-magento-pay ment-system-hack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)