Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
2021-07-11 21:00

Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection.

"One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up.

Magecart is the umbrella term given to multiple groups of cybercriminals that target e-commerce websites, injecting malicious JavaScript skimmers to plunder credit card numbers and then selling the stolen numbers on the black market.

Sucuri attributed the attack to Magecart Group 7 based on overlaps in the tactics, techniques, and procedures adopted by the threat actor.

Ultimately, the goal of the attacks is to capture customers' payment card details in real time on the compromised website. The captured details are saved to a bogus style sheet file on the server, which the threat actor subsequently downloads by making a GET request.
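
A defender-side check for the technique described above, as an added example that is not part of the original article or Sucuri's write-up: it flags image and style sheet files under a web root whose content does not match their extension. The 80-character encoded-run threshold, the CSS rule pattern, and the sample file names and contents are assumptions chosen for illustration.

```python
import base64
import re
from pathlib import Path

# File signatures that genuine images start with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumption: dumped records show up as long unbroken runs of encoded text.
ENCODED_RUN = re.compile(rb"[A-Za-z0-9+/=]{80,}")
# Minimal shape of a CSS rule: selector { property: value }
CSS_RULE = re.compile(rb"[^{}]+\{[^{}]*:[^{}]*\}")

def inspect_asset(name, data):
    """Return the reasons a static asset does not look like its extension."""
    ext = Path(name).suffix.lower()
    findings = []
    if ext in IMAGE_MAGIC:
        if not data.startswith(IMAGE_MAGIC[ext]):
            findings.append("no image signature")
        if ENCODED_RUN.search(data):
            findings.append("long encoded text run")
    elif ext == ".css" and data.strip() and not CSS_RULE.search(data):
        findings.append("no CSS rules")
    return findings

def scan_webroot(root, max_bytes=1 << 20):
    """Map each suspicious file under root to its findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            with path.open("rb") as fh:
                findings = inspect_asset(path.name, fh.read(max_bytes))
            if findings:
                report[str(path)] = findings
    return report

# Constructed samples, not taken from any real incident.
BLOB = base64.b64encode(b"constructed-sample-record|" * 4)
SAMPLES = {
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "banner.jpg": BLOB,
    "theme.css": b"body { color: #333; }\n",
    "fonts.css": BLOB,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect_asset(name, data) or "ok")
```

Legitimate images with embedded text metadata can trigger the encoded-run finding, and a style sheet holding only `@import` lines triggers the CSS one, so treat the results as leads for review alongside file-integrity baselines.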

"From the perspective of the attackers: the rewards are too large and consequences non-existent, why wouldn't they? Literal fortunes are made [by] stealing and selling stolen credit cards on the black market."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/dmxdzsmFzTY/magecart-hackers-hide-stolen-credit.html