Threat actors compromising US business online checkout pages to steal credit card information
A new FLASH report from the FBI warns about cyber actors scraping credit card data from compromised online checkout pages of US businesses.
According to the FBI, a US business was targeted in September 2020 by an unidentified threat actor, who inserted malicious PHP code into the checkout page of the targeted company website.
Every user buying something on that compromised website would unwittingly send their credit card data to the fraudsters.
Figure A. The second backdoor installed by the unknown threat actor used a regular expression to insert and execute code submitted as an HTTP request variable named "u".
Figure B. Another web shell named B374K was used by the threat actor for backdooring purposes.
Magecart, for example, is a group of actors that has been active since 2016 and targets thousands of websites in order to collect credit card data.
Since the threat actors systematically modify legitimate scripts on the website to deploy their backdoors or enable credit card data theft, any change to a static file made outside of an update process should be immediately flagged and investigated.
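One way to implement the file-change check recommended above, as an added example that is not taken from the FBI report or the original article: record a SHA-256 baseline of the web root right after a trusted deployment, then compare later snapshots against it. The file names and contents in `demo()` are constructed and inert.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(web_root):
    """Map each file path (relative to web_root) to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff(baseline, current):
    """Return files modified, added or removed since the baseline was recorded."""
    shared = baseline.keys() & current.keys()
    return {
        "modified": sorted(f for f in shared if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed site: record a baseline, change files out of band, compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "js").mkdir()
        (root / "checkout.php").write_text("<?php render_checkout(); ?>\n")
        (root / "js" / "cart.js").write_text("function total() { return 0; }\n")
        baseline = snapshot(root)  # taken right after a trusted deployment

        # Changes made outside any update process (constructed, inert content).
        (root / "checkout.php").write_text("<?php render_checkout(); /* altered */ ?>\n")
        (root / "unexpected.php").write_text("<?php /* not part of the release */ ?>\n")
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    # Every entry in the report is a file to investigate.
    print(json.dumps(demo(), indent=2))
```

Keep the baseline somewhere the web server account cannot write, and re-record it only as a step of the deployment process, so that any difference found between deployments is by definition a change made outside an update.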