Credit card stealing malware bundles backdoor for easy reinstall
Security News, December 2020
The attackers exploited multiple security vulnerabilities impacting these older and deprecated Magento 2.x versions to inject backdoors and credit card stealer scripts that allowed them to harvest store customers' payment card data.
Credit card skimmers are JavaScript-based scripts that Magecart cybercrime groups inject into the pages of compromised e-commerce sites to exfiltrate the payment and personal info customers submit, sending it to servers under the attackers' control.
To top it all off, the admin password logger would continue collecting and exfiltrating admin credentials to the Magecart operators even after they completely lost access to the e-commerce site's servers and couldn't reinfect it with credit card stealing malware.
Detailed information on each of the malware components used in these web skimming attacks is available in Sansec's report.
That credit card stealer used a double payload structure: the source code of the skimmer script was hidden in the social sharing icons, and a separate decoder, deployed elsewhere on the e-commerce site's server, was used to extract and execute the skimmer script.
Related news
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules (source)
- New Tickler malware used to backdoor US govt, defense orgs (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)