Magento’s Payment Security Regularly Targeted by Credit Card Scrapers
Updated on: October 18, 2023
Bhagyeshwari Chauhan
3 mins read
As e-commerce platforms worldwide are opting for stronger security measures, attackers are constantly developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent case of cyber crime targeted to steal paramount credit card data by compromising Magento’s payment security sheds light on the susceptible state of web security and a dire need of a stronger firewall system for systems promoting large scale financial transactions.
How was Magento’s Payment Security compromised?
The attackers exploited a vulnerability in a targeted Magento shop by injecting a malicious piece of code which allowed the attacker to collect personal and financial data entered by users on the compromised website. The targeted module – Realex Payments Magento extension (SF9) – allows Magento store owners to process mail and telephone orders by entering the payment details themselves. While the extension itself is not vulnerable, the attackers can abuse it by compromising the targeted Magento shop. In this case, a malicious function called sendCcNumber() added to an SF9 file named Remote.php sent sensitive financial data directly to the attacker’s mail. Moreover, the attacker used the online service binlist.net to get the Issuer Identification Numbers (IIN), which in turn is used to identify the institution that issued the card to the card holder.
The vulnerability was found in the following code snippet:
Hackers these days tend to attack the application layer of web applications, where developer faults are more probably. Take the Opencart Malware Injection for example. Attackers circumvent security measures at application end to run their malicious code. It often happens that even highly sophisticated tools fail in undermining this hidden malware because hackers intelligently access the HTTP/HTTPS cookies.
Rise in malware attacks
2016 witnessed a rise in malware attacks, wherein multiple hacked eCommerce websites appeared to be affected by a JavaScript code injected into the site, allowing the attackers to capture payment card information. Since March 2016, 100 online shops from around the world have been hacked, some of which also include well-known book publishers, fashion companies, and sporting equipment manufacturers. Another case of a Magento attack includes attackers using benign-looking image files of products sold on the compromised website to store payment card data, only to later retrieve from the source code after downloading the image.
Researchers have been monitoring a campaign dubbed “Magecart” by cloud-based security solutions provider RiskIQ to analyse the pattern of attacks.
- Technologies affected by credit card stealers are largely the ones hosted on multiple eCommerce platforms. Magento Commerce, Powerfront CMS, and OpenCart are examples of such affected e-Commerce sites.
- Multiple payment services providers like Braintree and VeriSign payment processing are targets on the affected sites.
- Attackers host formgrabber/credit card stealer content on remotely operated sites, served over HTTPS, while exfiltrating stolen data using HTTPS.
- Attackers refine their malicious content in an attempt to blend their malware into commonplace web technologies.
How to protect your website?
Such attacks are on a rise, and cyber-criminals use various tricks to elude detection of their malware. Online shop owners must resort to updating their software periodically. The malicious files used in such attacks can often be identified based on their “last modified” date, and the infection can be detected quickly.
Card fraud attempts cannot be entirely eliminated. However, Astra’s web application firewall ensures a comprehensive security solution via a layered security approach, thus protecting your e commerce website from any malware threats and secure vulnerabilities prone to exploitation by hackers.
Bhagyeshwari Chauhan
[…] attacks on it’s payment security system. A recent case of Magento attack witnessed credit card scrapers targeting the payment security system of Magento stores in order to steal param… Consequently, Magento has been wary of vulnerabilities in its system and in a prudent attempt, […]
Great article! We are linking to this particularly great
post on our site. Keep up the good writing.
Thanks , I have recently been looking for information approximately
this topic for a long time and yours is the greatest I have discovered till now.
Thanks for sharing this great post. Keep up the good work.
It’s hard to find well-informed people on this subject, however, you sound like you know what you’re talking about!
Thanks
I do agree with all the ideas you have introduced for your post.
They are very convincing and will definately work.
It’s awesome in favor of me to have a site, which is helpful in favor of my
know-how. thanks admin
I do believe all the ideas you’ve introduced to
your post. They are really convincing and can certainly work.
Nonetheless, the posts are very brief and informative
Thanks for the post.
What’s up, I desire to subscribe for this weblog to
get most up-to-date updates, so where can i do it please help.
Under each blog article, there is a subscription box where you have to enter your name and email id and you will receive regular updates when a blog post gets live.
I all tһe time emailed this weblog post page to all my contacts, becauѕe
if I like to read it contacts will too.
Excellent goods from you, man. I’ve understand your stuff prior to and you’re just too excellent.
I actually like what you’ve received right here, really like what you’re saying and the best way in which you say it.
You are making it enjoyable and you continue to take care of
to stay it wise. I can not wait to read much more from you.
That is actually a terrific website.
What’s up everyone, it’s my first paay a quick visit at this web site,
and pot is genuinely fruitful in favor of me, keep up posting such content.