An Interest In:
Web News this Week
- April 12, 2024
- April 11, 2024
- April 10, 2024
- April 9, 2024
- April 8, 2024
- April 7, 2024
- April 6, 2024
Some of Our Sources
- Mashable
- Joshua Blankenship
- Spoon Graphics
- Six Revisions
- You The Designer
- CSS Globe
- 24 Ways
- Specky Boy
- CSS Tricks
- Android Headlines
Help Webnuz
Referal links:
February 11, 2022 10:40 pm
Original Link: https://it.slashdot.org/story/22/02/11/2052256/hundreds-of-e-commerce-sites-booby-trapped-with-payment-card-skimming-malware?utm_source=rss1.0mainlink
Hundreds of E-Commerce Sites Booby-Trapped With Payment Card-Skimming Malware
An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: About 500 e-commerce websites were recently found to be compromised by hackers who installed a credit card skimmer that surreptitiously stole sensitive data when visitors attempted to make a purchase. A report published on Tuesday is only the latest one involving Magecart, an umbrella term given to competing crime groups that infect e-commerce sites with skimmers. Over the past few years, thousands of sites have been hit by exploits that cause them to run malicious code. When visitors enter payment card details during purchase, the code sends that information to attacker-controlled servers. Sansec, the security firm that discovered the latest batch of infections, said the compromised sites were all loading malicious scripts hosted at the domain naturalfreshmall[.]com. "The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form," firm researchers wrote on Twitter. "Payments are sent to https://naturalfreshmall.com/p...." The hackers then modified existing files or planted new files that provided no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated. The only way to fully disinfect the site is to identify and remove the backdoors before updating the vulnerable CMS that allowed the site to be hacked in the first place. Sansec worked with the admins of hacked sites to determine the common entry point used by the attackers. The researchers eventually determined that the attackers combined a SQL injection exploit with a PHP object injection attack in a Magento plugin known as Quickview. [...] It's not hard to find sites that remain infected more than a week after Sansec first reported the campaign on Twitter. At the time this post was going live, Bedexpress[.]com continued to contain this HTML attribute, which pulls JavaScript from the rogue naturalfreshmall[.]com domain. The hacked sites were running Magento 1, a version of the e-commerce platform that was retired in June 2020. The safer bet for any site still using this deprecated package is to upgrade to the latest version of Adobe Commerce. Another option is to install open source patches available for Magento 1 using either DIY software from the OpenMage project or with commercial support from Mage-One.Read more of this story at Slashdot.
Original Link: https://it.slashdot.org/story/22/02/11/2052256/hundreds-of-e-commerce-sites-booby-trapped-with-payment-card-skimming-malware?utm_source=rss1.0mainlink
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot