Magento Security

Magento’s Payment Security Regularly Targeted by Credit Card Scrapers

Updated on: October 18, 2023

As e-commerce platforms worldwide are opting for stronger security measures, attackers are constantly developing new techniques to compromise these platforms and steal sensitive information provided by customers. A recent case of cyber crime targeted to steal paramount credit card data by compromising Magento’s payment security sheds light on the susceptible state of web security and a dire need of a stronger firewall system for systems promoting large scale financial transactions.

How was Magento’s Payment Security compromised?

The attackers exploited a vulnerability in a targeted Magento shop by injecting a malicious piece of code which allowed the attacker to collect personal and financial data entered by users on the compromised website. The targeted module – Realex Payments Magento extension (SF9) – allows Magento store owners to process mail and telephone orders by entering the payment details themselves. While the extension itself is not vulnerable, the attackers can abuse it by compromising the targeted Magento shop. In this case, a malicious function called sendCcNumber() added to an SF9 file named Remote.php sent sensitive financial data directly to the attacker’s mail. Moreover, the attacker used the online service to get the Issuer Identification Numbers (IIN), which in turn is used to identify the institution that issued the card to the card holder.

The vulnerability was found in the following code snippet:

Hackers these days tend to attack the application layer of web applications, where developer faults are more probably. Take the Opencart Malware Injection for example. Attackers circumvent security measures at application end to run their malicious code. It often happens that even highly sophisticated tools fail in undermining this hidden malware because hackers intelligently access the HTTP/HTTPS cookies.

Rise in malware attacks

2016 witnessed a rise in malware attacks, wherein multiple hacked eCommerce websites appeared to be affected by a JavaScript code injected into the site,  allowing the attackers to capture payment card information. Since March 2016, 100 online shops from around the world have been hacked, some of which also include well-known book publishers, fashion companies, and sporting equipment manufacturers. Another case of a Magento attack includes attackers using benign-looking image files of products sold on the compromised website to store payment card data, only to later retrieve from the source code after downloading the image.

Researchers have been monitoring a campaign dubbed “Magecart” by cloud-based security solutions provider RiskIQ to analyse the pattern of attacks.

  1. Technologies affected by credit card stealers are largely the ones hosted on multiple eCommerce platforms. Magento Commerce, Powerfront CMS, and OpenCart are examples of such affected e-Commerce sites.
  2. Multiple payment services providers like Braintree and VeriSign payment processing are targets on the affected sites.
  3. Attackers host formgrabber/credit card stealer content on remotely operated sites, served over HTTPS, while exfiltrating stolen data using HTTPS.
  4. Attackers refine their malicious content in an attempt to blend their malware into commonplace web technologies.

How to protect your website?

Such attacks are on a rise, and cyber-criminals use various tricks to elude detection of their malware. Online shop owners must resort to updating their software periodically. The malicious files used in such attacks can often be identified based on their “last modified” date, and the infection can be detected quickly.

Card fraud attempts cannot be entirely eliminated. However, Astra’s web application firewall ensures a comprehensive security solution via a layered security approach, thus protecting your e commerce website from any malware threats and secure vulnerabilities prone to exploitation by hackers.

Was this post helpful?

Bhagyeshwari Chauhan

An engineering grad and a technical writer, Bhagyeshwari blogs about web security, futuristic tech and space science.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newest Most Voted
Inline Feedbacks
View all comments

[…] attacks on it’s payment security system. A recent case of Magento attack witnessed credit card scrapers targeting the payment security system of Magento stores in order to steal param… Consequently, Magento has been wary of vulnerabilities in its system and in a prudent attempt, […]

ck togel
ck togel
6 years ago

Great article! We are linking to this particularly great
post on our site. Keep up the good writing.

5 years ago

Thanks , I have recently been looking for information approximately
this topic for a long time and yours is the greatest I have discovered till now.

Syed Muneeb Ul Hasan
5 years ago

Thanks for sharing this great post. Keep up the good work.

5 years ago

It’s hard to find well-informed people on this subject, however, you sound like you know what you’re talking about!

5 years ago

I do agree with all the ideas you have introduced for your post.
They are very convincing and will definately work.

bandar taruhan terpercaya
bandar taruhan terpercaya
5 years ago

It’s awesome in favor of me to have a site, which is helpful in favor of my
know-how. thanks admin

melhores sites fotografia
melhores sites fotografia
5 years ago

I do believe all the ideas you’ve introduced to
your post. They are really convincing and can certainly work.
Nonetheless, the posts are very brief and informative

Thanks for the post.

unduh lagu
5 years ago

What’s up, I desire to subscribe for this weblog to
get most up-to-date updates, so where can i do it please help.

Naman Rastogi
5 years ago
Reply to  unduh lagu

Under each blog article, there is a subscription box where you have to enter your name and email id and you will receive regular updates when a blog post gets live.

5 years ago

I all tһe time emailed this weblog post page to all my contacts, becauѕe
if I like to read it contacts will too.

liga Inggris klasemen
5 years ago

Excellent goods from you, man. I’ve understand your stuff prior to and you’re just too excellent.

I actually like what you’ve received right here, really like what you’re saying and the best way in which you say it.

You are making it enjoyable and you continue to take care of
to stay it wise. I can not wait to read much more from you.

That is actually a terrific website.

5 years ago

What’s up everyone, it’s my first paay a quick visit at this web site,
and pot is genuinely fruitful in favor of me, keep up posting such content.

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany