How these crooks backdoor online shops and siphon victims' credit card info
2022-05-18 18:47

The FBI and its friends have warned businesses of crooks scraping people's credit-card details from tampered payment pages on compromised websites.

Php in an attempt to inject malicious code into the checkout.

According to an advisory [PDF] from the FBI, and Uncle Sam's CISA and Homeland Security, from January 2022, code was injected into the checkout page to scrape customers' payment details and send it all to a server the crooks controlled that masqueraded as a legitimate card processing system.

What's more, the crooks modified files on the infiltrated website's server to install two backdoors.

One of these backdoors was a standard web shell - a page that executes commands on the remote system - which was deployed by including the statement assert($_REQUEST) in a PHP page.

You may want to check that the above strings aren't present in your site's PHP source code, and that you don't have a record of the IP addresses in your logs.
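
One way to run the source-code check suggested above, as an added example (not code from the article or the advisory): a Python scanner that flags PHP statements where request data is passed straight into assert(). It generalises to other code-executing functions and request superglobals, which are assumptions not named on the page, and the sample input is constructed.

```python
import re
import sys
from pathlib import Path

# Functions that evaluate or execute their argument. The page names only
# assert(); the other sinks and superglobals are assumptions added here.
SINKS = ("assert", "eval", "system", "exec", "passthru", "shell_exec")
SOURCES = ("_REQUEST", "_GET", "_POST", "_COOKIE")

# sink( ... $_REQUEST ... ) within one statement (no ';' in between).
# Function names are case-insensitive in PHP, variable names are not.
PATTERN = re.compile(
    r"(?<![\w$>])(?P<sink>(?i:" + "|".join(SINKS) + r"))\s*\("
    r"[^;]*?\$(?P<src>" + "|".join(SOURCES) + r")\b"
)

def scan_source(text):
    """Return [(line, sink, superglobal)] for direct request-to-sink calls."""
    hits = []
    for m in PATTERN.finditer(text):
        line = text.count("\n", 0, m.start("sink")) + 1
        hits.append((line, m.group("sink").lower(), "$" + m.group("src")))
    return hits

def scan_tree(root, suffixes=(".php", ".phtml", ".inc")):
    """Scan PHP-like files under root and return {path: hits}."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = scan_source(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed sample (not taken from the advisory): one planted one-liner
# split across lines, plus two harmless calls that must not be flagged.
SAMPLE = """<?php
$total = cart_total($_POST['items']);
@Assert(
    $_REQUEST['x']
);
curl_exec($ch);
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(root).items():
        for line, sink, src in hits:
            print(f"{path}:{line}: {sink}() receives {src}")
```

The scanner only catches direct use; a request value that is first copied into another variable before reaching the sink needs a diff against a known-good copy of the site's files.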


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/18/fbi_credit_card/