Magecart hackers hide stolen credit card data into images and fake CSS files

Cybercriminal groups, united by information security experts under the general name Magecart, have armed themselves with new techniques to obfuscate malicious code and encrypt stolen credit card data to avoid detection.

Sucuri associates these attacks with Magecart Group 7 based on overlaps in tactics, techniques and procedures.

In one case of infection on GoDaddy’s Magento e-commerce website, a skimmer was embedded in one of the PHP files involved in the checkout process as a compressed Base64-encoded string.

To further mask the presence of malware, the attackers combined the malicious code with fragments of comments that “functionally do nothing, but add a layer of obfuscation.”

Cybercriminals aim to steal real-time customer payment card data from a compromised website. The stolen data is saved to an image file on the server and subsequently downloaded by hackers by sending a GET request.

Catch up on more articles here

Follow us on Twitter here


Must read


Related Posts