Trend Tide News

Magento Shops Targeted by Novel Card Skimmer - TechNadu

By Lore Apostol

Magento Shops Targeted by Novel Card Skimmer - TechNadu

The data is encrypted and exfiltrated using a beaconing technique, which makes the process hard to discover.

A new credit card skimmer malware has been discovered targeting checkout pages of online stores using the e-commerce platform Magento. Cybersecurity experts flagged malicious JavaScript injections that aim to steal sensitive payment and user information directly from the checkout process.

The malware was initially discovered during a routine check using Sucuri's SiteCheck tool, which flagged a suspicious resource from dynamicopenfonts[.]app. Forensic analysis revealed that the malicious script was embedded in the '<referenceContainer>' directive within the XML file, loading JavaScript before the closing '<body>' tag.

The domains involved are dynamicopenfonts[.]app, staticfonts[.]com, and static-fonts[.]com, and two of these are currently on VirusTotal's blocklist. At the moment, eight websites are infected.

It employs a sophisticated blend of filesystem and database infection techniques, leveraging advanced obfuscation to avoid detection. Furthermore, it targets checkout pages, as the script activates only on URLs containing the word "checkout" while excluding those with "cart."

Depending on the malware variant, it either injects a fake credit card form into the checkout process or directly extracts data from live input fields. Apart from credit card details, the malware exploits Magento's APIs to harvest user information, including the customer's name, address, email, phone number, and billing data.

Stolen data is encoded as JSON, XOR-encrypted with the key 'script,' and Base64-encoded for secure transmission. The encrypted data is then silently relayed to a remote server (http://staticfonts.com) using a beaconing technique, which involves using a script or program to send data from the client to a remote server without any signs a user would notice.

This malware's dynamic method of operation -- combined with encryption and beaconing techniques -- makes it a significant challenge for eCommerce platforms to detect and prevent.

In August, a few hundred Magento-based stores were injected with digital skimmers in a malware campaign that exfiltrated credit card numbers, expiration dates, and CVV/CVC in real time.

Previous articleNext article

POPULAR CATEGORY

commerce

9627

tech

10585

amusement

11568

science

5257

various

12312

healthcare

9302

sports

12252