Security News > 2023 > October > Hackers modify online stores’ 404 pages to steal credit cards
A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information.
All websites feature 404 error pages that are displayed to visitors when accessing a webpage that does not exist, has been moved, or has a dead/broken link.
"The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion."
Upon closer inspection, they found that the loader contained a regular expression match searching for a specific string in the returned HTML of the 404 page.
"We simulated additional requests to nonexistent paths, and all of them returned the same 404 error page containing the comment with the encoded malicious code," explains Akamai.
The case of manipulating 404 pages highlights the evolving tactics and versatility of Magecart actors, who continually make it harder for webmaster to locate their malicious code on compromised websites and sanitize them.
News URL
Related news
- Green Bay Packers' online store hacked to steal credit cards (source)
- Wacom says crooks probably swiped customer credit cards from its online checkout (source)
- Casio UK online store hacked to steal customer credit cards (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)