Security News > 2023 > March > Hackers inject credit card stealers into payment processing modules
A new credit card stealing campaign differs from those seen in the past: it hides its malicious code inside the 'Authorize.net' payment gateway module for WooCommerce, allowing the breach to evade detection by security scans.
To evade detection, the threat actors are now injecting malicious scripts directly into the site's payment gateway modules used to process credit card payments on checkout.
As these extensions are usually only called after a user submits their credit card details and checks out at the store, the injected code may be harder for cybersecurity solutions to detect.
To accept credit cards on the site, stores utilize a payment processing system, such as Authorize.net, a popular processor used by 440,000 merchants worldwide.
On the compromised site, Sucuri discovered that threat actors modified the "Class-wc-authorize-net-cim.php" file, one of Authorize.net's files supporting the payment gateway's integration to WooCommerce environments.
Secondly, saving stolen credit card details in an image file isn't a new tactic, but strong encryption is a novel element that helps attackers evade detection.
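One way to catch this kind of tampering is to compare the deployed gateway module against a known-good copy of the same release, which flags both an edited PHP file and an unexpected image file. The following is an added example, not code from the article or from Sucuri; the directory name, file contents and the `demo` helper are constructed for illustration, and it assumes a clean copy of the plugin is available to build the baseline.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large assets do not load into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Diff a known-good manifest against the deployed one."""
    return {
        "modified": sorted(f for f in baseline
                           if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "missing": sorted(f for f in baseline if f not in current),
    }


def demo() -> dict:
    """Constructed sample: a clean plugin tree, then a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "gateway-plugin"  # hypothetical directory name
        (plugin / "includes").mkdir(parents=True)
        (plugin / "assets").mkdir()
        gateway = plugin / "includes" / "Class-wc-authorize-net-cim.php"
        gateway.write_text("<?php // constructed stand-in for vendor code\n")
        (plugin / "assets" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n constructed")
        baseline = build_manifest(plugin)  # stands in for the vendor release
        # Simulate tampering: the gateway file changes and a new image appears.
        gateway.write_text("<?php // constructed stand-in, content altered\n")
        (plugin / "assets" / "extra.jpg").write_bytes(b"constructed opaque bytes")
        return compare(baseline, build_manifest(plugin))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

In practice the baseline manifest is built from the vendor's release archive and stored off the web server, so an attacker who can edit plugin files cannot also edit the reference hashes.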