Security News > 2023 > October > Hackers modify online stores’ 404 pages to steal credit cards
A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information.
All websites feature 404 error pages that are displayed to visitors when accessing a webpage that does not exist, has been moved, or has a dead/broken link.
"The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion."
Upon closer inspection, they found that the loader contained a regular expression match searching for a specific string in the returned HTML of the 404 page.
"We simulated additional requests to nonexistent paths, and all of them returned the same 404 error page containing the comment with the encoded malicious code," explains Akamai.
The case of manipulating 404 pages highlights the evolving tactics and versatility of Magecart actors, who continually make it harder for webmaster to locate their malicious code on compromised websites and sanitize them.