A new wave of attackers is targeting Magento e-commerce sites with card-skimming malware that lifts payment details from checkout transactions. Sucuri security analyst Weston Henry found the malicious JavaScript injection during a routine inspection of a Magento-based site with Sucuri's SiteCheck tool. The timing is awkward: online retailers and shoppers are preparing for the Black Friday sales period, when checkout traffic, and therefore the volume of card data passing through compromised stores, peaks.
The skimmer exploits the dynamic nature of Magento pages and uses two distinct methods to steal cardholder data. One injects a counterfeit credit card form into the checkout to capture card details directly; the other reads the values of the legitimate payment fields. In a blog post, Sucuri security analyst Puja Srivastava notes that the malware's dynamic behaviour and its obfuscation of the stolen data make it difficult to detect. Once collected, the data is obfuscated (XOR with a static key, described in more detail below) and sent to a remote server under the attackers' control.
Magento-based sites have long been a favoured target because of their wide use in e-commerce and the volume of valuable customer data they handle, including payment card and bank account details. Card skimming, the technique associated with the loosely defined set of criminal groups known as Magecart, has become the standard way of extracting that data from vulnerable stores.
The attackers have layered several anti-detection measures over the exfiltration. The harvested fields are serialised as JSON, XOR'd with the key "script", Base64-encoded, and then transmitted to a remote server using a beaconing technique. Two points worth noting for defenders: XOR with a short fixed key is reversible obfuscation rather than encryption, so anyone who captures the beacon body and knows (or guesses) the key can recover the cleartext; and because the request is made from the shopper's browser straight to the attackers' server, it never appears in the merchant's own web server logs, which is why the theft raises no alarms on the server side.
To protect e-commerce sites against skimming campaigns of this kind, particularly around Black Friday, Sucuri recommends a proactive approach: regular security audits, monitoring for anomalous behaviour, and a Web Application Firewall (WAF) in front of the store. Administrators should also keep Magento and its extensions fully patched, since outdated plugins and themes are the usual entry point for the injection in the first place; use strong, unique passwords for admin and hosting accounts; and run file integrity monitoring so that an unauthorised change to a JavaScript file or template is caught promptly rather than discovered after cards have already been stolen.
In essence, the emergence of this sophisticated card-skimming malware underscores the ever-evolving threat landscape facing e-commerce websites and the critical need for stringent security measures to protect against cyberattacks. As online transactions continue to proliferate, ensuring the safety and integrity of customer data remains paramount in the fight against cybercrime.