Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have
revealed details of an ongoing credit card hacking campaign that is
currently stealing payment card information of customers visiting more
than 105 e-commerce websites.
While monitoring a malicious domain, www.magento-analytics[.]com,
for over the last seven months, researchers found that the attackers have
been injecting malicious JS scripts hosted on this domain into hundreds
of online shopping websites.
The JavaScript scripts in question include digital credit card
skimming code that, when executed on a site, automatically steals the
payment card information entered by its customers, such as the credit
card owner's name, credit card number, expiration time and CVV.
In an email interview, a NetLab researcher told The Hacker News that they
don't have enough data to determine how hackers infected the affected
websites in the first place or what vulnerabilities they exploited, but
did confirm that all affected shopping sites are running the Magento
e-commerce CMS software.
Further analysis revealed that the malicious script then sends the stolen
payment card data to another file hosted on the magento-analytics[.]com
server controlled by the attackers.
"Take one victim as an example, www.kings2.com, when a user loads its
homepage, the JS runs as well. If a user selects a product and goes to
the 'Payment Information' to submit the credit card information, after
the CVV data is entered, the credit card information will be uploaded,"
researchers explain in a blog post published today.
Also, don't be confused by the domain name, www.magento-analytics[.]com.
Having Magento in the domain name doesn't mean that the malicious domain
is in any way associated with the popular Magento e-commerce CMS platform;
instead, the attackers used this keyword to disguise their activities and
confuse regular users.
According to the researchers, the malicious domain used in the campaign
is registered in Panama; however, in recent months, the IP address has moved
around from "United States, Arizona" to "Russia, Moscow," then to
"China, Hong Kong."
While researchers found that the malicious domain has been stealing
credit card information for at least five months, with a total of 105
websites already infected with the malicious JS, they believe this
number could be higher than what appeared on their radar.
Just yesterday, a user posted
on a forum that his Magento website was also hacked recently and
attackers secretly injected a credit card stealing script from the same
domain, apparently a separate variant that has not yet been listed on
the 360 NetLab website.
Since attackers usually exploit known vulnerabilities in online
e-commerce software to inject their malicious scripts, website
administrators are highly advised to follow best security practices,
such as applying the latest updates and patches, limiting privileges for
critical systems and hardening web servers.
Website admins are also advised to leverage Content Security Policy (CSP), which gives them strict control over exactly which resources are allowed to load on their site.
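As an added illustration of the CSP advice above (not code from NetLab or The Hacker News), this Node.js sketch lists the hosts a page loads scripts from, flags any that are not on the site's allowlist, and builds a matching policy. The shop origin, allowlist and sample HTML are constructed placeholders.

```javascript
// Added example: all hostnames and the HTML sample are constructed.
const PAGE_ORIGIN = "https://shop.example";
const ALLOWED_SCRIPT_HOSTS = ["shop.example", "cdn.shop.example"];
const SAMPLE_HTML = `
<script src="/static/js/checkout.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//analytics-lookalike.example/ga.js"></script>
<script>var inline = 1;</script>`;

// Hostname of every <script src=...> found in static markup.
function scriptHosts(html, pageOrigin) {
  const hosts = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    try {
      // Resolves relative and protocol-relative URLs against the page origin.
      hosts.push(new URL(m[1], pageOrigin).hostname.toLowerCase());
    } catch (_) {
      hosts.push("(unparseable: " + m[1] + ")");
    }
  }
  return hosts;
}

// Script hosts present on the page but missing from the allowlist.
function unexpectedScriptHosts(html, pageOrigin, allowed) {
  const allow = new Set(allowed.map((h) => h.toLowerCase()));
  const seen = new Set(scriptHosts(html, pageOrigin));
  return [...seen].filter((h) => !allow.has(h));
}

// Policy that permits scripts only from the allowlist and keeps
// script-initiated requests and form posts on the site's own origin.
function buildCsp(pageOrigin, allowed) {
  const self = new URL(pageOrigin).hostname;
  const extra = allowed.filter((h) => h !== self).map((h) => "https://" + h);
  return [
    "default-src 'self'", // fallback for images, frames, etc.
    "script-src " + ["'self'", ...extra].join(" "),
    "connect-src 'self'", // XHR, fetch, sendBeacon, WebSocket targets
    "form-action 'self'",
  ].join("; ");
}

console.log(unexpectedScriptHosts(SAMPLE_HTML, PAGE_ORIGIN, ALLOWED_SCRIPT_HOSTS));
console.log("Content-Security-Policy: " + buildCsp(PAGE_ORIGIN, ALLOWED_SCRIPT_HOSTS));
```

Sending the same policy in a `Content-Security-Policy-Report-Only` header first shows what would be blocked before it is enforced. The scan reads static markup only, so scripts added at runtime show up through CSP violation reports rather than here.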