
Credit card stealing malware bundles backdoor for easy reinstall
2020-12-08 11:35

The attackers exploited multiple security vulnerabilities impacting these older and deprecated Magento 2.x versions to inject backdoors and credit card stealer scripts that allowed them to harvest the store customers' payment card data.

Credit card skimmers are JavaScript-based scripts that Magecart cybercrime groups inject into the pages of compromised e-commerce sites to exfiltrate the payment and personal info that customers submit, sending it to servers under the attackers' control.

To top it all off, the admin password logger would continue collecting and exfiltrating admin credentials to the Magecart operators even after they completely lost access to the e-commerce site's servers and couldn't reinfect it with credit card stealing malware.

Detailed information on each of the malware components used in these web skimming attacks is available in Sansec's report.

That credit card stealer's double payload structure included the source code of the skimmer script, hidden in the social sharing icons, and a decoder deployed separately on the e-commerce site's server and used to extract and execute the skimmer script.


News URL

https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-bundles-backdoor-for-easy-reinstall/