Hackers Hit About 500 eCommerce Sites Using Credit Card Skimmers

Credit card skimming is once again threatening users following an incident that hit about 500 e-commerce websites.

According to the latest report, the hackers install a skimmer that captures confidential information whenever a site visitor purchases a product.

Hackers Use Credit Card Skimmers to Install Malware


The latest fraud prompted cybersecurity researchers to act on the newest incident involving Magecart. Put simply, the term refers to a tactic in which criminals inject malicious code into the checkout page.

When users enter their details during a purchase, the attackers use credit card skimmers to steal that information. The malicious code will redirect people to infected systems.

Security firm Sansec was the first to report the compromised websites, which contain malicious scripts. According to the cybersecurity organization, the code came from naturalfreshmall(.)com.

On Twitter, the researchers said that the scammers rely on the Natural Fresh skimmer, which shows a bogus popup for the product payment. In addition, the payments go to the domain mentioned earlier.

Besides that, the scammers modify existing files or create new ones to plant backdoors. These backdoors are then used to manage the site in case the malware is removed by malware-detection software.

According to Sansec, the primary way to clean the whole website is to detect the malicious code immediately and eliminate it right away. They recommend doing this before updating the CMS.


What Sansec Discovered

In another report by Ars Technica, the cybersecurity firm was able to communicate with the administrators of the compromised websites.

From there, they discovered that the hackers used a SQL injection exploit and a PHP object injection attack. Both reportedly operated through Quickview, a Magento 2 extension that lets customers view a product's information quickly without loading the listings.

By abusing this Magento plugin, the hackers were able to add a validation rule to the customer_eav_attribute table. Additionally, the credit card skimming group injected a payload into the site.

For the code to run successfully, the data first has to be “unserialized” on Magento. From there, the hackers would log in as a new guest on the website.
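One way a site owner could check for the tampering described above, as an added example that is not from Sansec or from this article: a Python walker that parses exported validation-rule values as PHP-serialized data and flags any value containing an object instead of plain arrays and scalars. It assumes the rule values were exported as PHP-serialized byte strings; the function names and sample rows are constructed for illustration.

```python
def php_object_classes(blob):
    """Class names of all objects in one PHP-serialized value (walks structure)."""
    classes, pos = [], 0
    def field(end):                      # read up to a delimiter, step past it
        nonlocal pos
        stop = blob.index(end, pos)      # ValueError when the delimiter is missing
        out, pos = blob[pos:stop], stop + 1
        return out
    def quoted():                        # <len>:"<len bytes>" plus one ';' or ':'
        nonlocal pos
        n = int(field(b":"))
        if blob[pos:pos + 1] != b'"' or blob[pos + n + 1:pos + n + 2] != b'"':
            raise ValueError("bad string length")
        out, pos = blob[pos + 1:pos + n + 1], pos + n + 3
        return out
    def value():
        nonlocal pos
        tag, pos = blob[pos:pos + 1], pos + 2   # tag and ':' (or ';' after N)
        if tag in (b"b", b"i", b"d", b"r", b"R"):
            field(b";")
        elif tag == b"s":                # string bytes are skipped, never parsed
            quoted()
        elif tag in (b"a", b"O"):
            if tag == b"O":              # O:<len>:"<class>":<count>:{...}
                classes.append(quoted().decode(errors="replace"))
            count = int(field(b":"))
            pos += 1                     # '{'
            for _ in range(2 * count):   # keys and values alternate
                value()
            pos += 1                     # '}'
        elif tag != b"N":
            raise ValueError("unsupported tag")
    try:
        value()
        if pos != len(blob):
            raise ValueError("trailing data")
    except (ValueError, RecursionError):  # not plain serialized data: review by hand
        return ["<unparseable>"]
    return classes

def audit(rows):
    """rows: (attribute_id, rule bytes); returns {attribute_id: finding}."""
    return {i: f for i, r in rows if r and (f := php_object_classes(r))}

SAMPLE_ROWS = [  # constructed sample rows, not taken from any real store
    (1, b'a:2:{s:15:"max_text_length";i:255;s:15:"min_text_length";i:1;}'),
    (2, b'a:1:{s:4:"note";s:19:"O:8:"stdClass":0:{}";}'),  # object-like text in a string
    (3, b'a:1:{s:4:"rule";O:8:"stdClass":1:{s:1:"x";i:1;}}'),  # a real nested object
]
```

Because strings are skipped by their declared length, row 2 is not flagged even though a plain text search for `O:` would match it; only row 3 is reported.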

Sansec noticed that Magento 1 was used on the compromised e-commerce platforms. This outdated version last appeared more than a year ago. To help guard against card skimming schemes, you can install Malwarebytes for real-time detection of potential security threats.

Meanwhile, a Redditor spotted a phishing website involving a Target Gift Card scam prompted by Google ads. In another news story, Tech Times previously wrote that Verizon customers encountered a sketchy text message which might steal the users’ sensitive information.


This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2021 TECHTIMES.com All rights reserved. Do not reproduce without permission.
