Hackers Hit Around 500 E-Commerce Sites Using Credit Card Skimmers

Credit card skimming threatens users again following an incident that affected around 500 e-commerce sites.

According to the latest report, hackers install a device capable of stealing confidential information whenever a site visitor purchases a product.

Hackers use credit card skimmers to install malware


The latest fraud has prompted cybersecurity researchers to act on a new incident involving Magecart. Simply put, the term refers to a hacking tactic in which criminals inject malicious code into a payment page.

When users enter their details during a purchase, the attackers use credit card skimmers to steal that information. The malicious code redirects people to infected systems.

Security company Sansec was the first to report the compromised websites containing malicious scripts. According to the cybersecurity organization, the code came from naturalfreshmall(.)com.

On Twitter, the researchers said that the scammers rely on the Natural Fresh skimmer, which displays a fake payment pop-up for the product. The payments are then sent to the previously mentioned domain.

In addition, the crooks modify existing files or create new ones to open the way for backdoors. These backdoors are then used to manage the site in case the malware has been removed by virus detection software.

According to Sansec, the main way to clean the entire website is to detect the malicious code and eliminate it immediately. They recommend doing this before updating the CMS.
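One way to start on the detection step, as an added example (not Sansec's tooling and not code from the article): a Python audit of the script tags in a rendered storefront page that flags the skimmer domain named above and any script host missing from an allowlist. The function names, the allowlist and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator as printed in the article (defanged); refanged only for matching.
IOC = "naturalfreshmall(.)com".replace("(.)", ".")
def host_matches(host, domains):
    host = host.lower().rstrip(".")  # match the exact host or any subdomain
    return any(host == d or host.endswith("." + d) for d in domains)

class ScriptAudit(HTMLParser):
    def __init__(self, site_host, allowed):
        super().__init__()
        self.site_host, self.allowed = site_host, set(allowed) | {site_host}
        self.findings, self._inline = [], False  # findings: (kind, detail)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        self._inline = not src  # no src: the tag body itself is the code
        if src:
            host = urlsplit(src.strip()).hostname or self.site_host  # relative URL: own host
            if host_matches(host, {IOC}):
                self.findings.append(("ioc", src))
            elif not host_matches(host, self.allowed):
                self.findings.append(("unlisted", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        # Inline code can reference the skimmer host without a src attribute.
        if self._inline and IOC in data.lower():
            self.findings.append(("ioc-inline", data.strip()[:60]))

def audit(html, site_host, allowed=()):
    parser = ScriptAudit(site_host, allowed)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page: every host except IOC, and every path, is invented.
SAMPLE = ('<script src="/static/checkout.js"></script>'
          '<script src="//cdn.shop-assets.example/lib.js"></script>'
          f'<script src="https://{IOC}/a.js"></script>'
          f'<script>var u="https://stats.{IOC}/c";</script>'
          '<script src="https://widgets.unknown.example/w.js"></script>')
print(audit(SAMPLE, "shop.example", {"cdn.shop-assets.example"}))
```

An "unlisted" finding is a prompt to review the allowlist or the page, not proof of compromise; a skimmer served from the shop's own host would not appear here and needs file-integrity checks on the server.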


What Sansec discovered

In another report from Ars Technica, the cybersecurity company was able to communicate with the administrators of the compromised websites.

From there, they discovered that the hackers were using an SQL injection exploit and a PHP object injection attack. Both reportedly worked through Quickview, a Magento 2 extension that allows customers to quickly view product information without needing to load listings.

By abusing this Magento plugin, hackers were able to remove an additional validation rule associated with the customer_eav_attribute table. Additionally, the credit card skimming group injected a payload into the site.

To execute the code successfully, the hackers must first “deserialize” the data on Magento. From there, they would log in as a new guest on the website.

Sansec noticed that Magento 1 was used on the compromised e-commerce platforms. This outdated version last appeared over a year ago. To help guard against card skimming schemes, you can also install Malwarebytes for real-time detection of potential security threats.

Meanwhile, a Redditor spotted a phishing website involving a Target gift card scam driven by Google ads. In a separate report, Tech Times previously wrote that Verizon customers encountered a sketchy text message that could steal users’ sensitive information.


This article belongs to Tech Times

Written by Joseph Henry

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.
