Popular Retail Sites Have Been Compromised With Magecart

Popular retail sites have been compromised with Magecart. This simply means that the card data of shoppers can now be stolen with relative ease.

Popular Retail Sites Compromised With Magecart

Online shoppers should therefore be very careful when buying online, as researchers have now found that even 404 pages can be used to steal their card data.

Cybersecurity researchers from Akamai recently discovered a new and creative way in which hackers were hiding credit card skimmers on several e-commerce websites and platforms.

Hackers usually hide malicious code somewhere on the checkout page and then steal sensitive payment information (such as credit card numbers, full names, expiration dates, etc.) during the purchase process. In this case, however, Akamai reports finding the malicious code hidden in a 404 page of the site.

Innovative Approach by Hackers

Virtually every website on the internet has a 404 page. For those who don’t know, a 404 page is the page displayed when a visitor tries to view a page that does not exist, either because the link is broken, the page was moved, or something similar.

Some sites (mostly Magento and WooCommerce), including a couple belonging to “renowned organizations” in the food and retail sectors, have had their 404 pages compromised with card-stealing code popularly known as Magecart, something that has never been seen before, Akamai reports.

How the Researchers Found the Code Planted by the Hackers

“This concealment technique is highly innovative and something we haven’t seen in previous Magecart campaigns,” Akamai stated in its report. “The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion.”

Even the researchers from Akamai did not spot the malware at first, thinking that the skimmer was inactive or that the hackers had made a mistake while configuring it.

“We simulated additional requests to nonexistent paths, and all of them returned the same 404 error page containing the comment with the encoded malicious code,” the researchers stated. “These checks confirm that the attacker successfully altered the default error page for the entire website and concealed the malicious code within it!”

The Researchers Spotted Two Additional Campaigns

The researchers from Akamai also spotted two additional campaigns: one in which the attackers tried to hide the code in the HTML image tag’s ‘onerror’ attribute, and one in which an image binary was reportedly tweaked to make it look like the Meta Pixel code snippet.
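For site owners, the researchers' check on nonexistent paths and the ‘onerror’ variant can be turned into a simple audit. The Python below is an added example, not code from Akamai's report or from this article: it inspects already-fetched 404 responses for HTML comments holding a long encoded run and for image tags carrying an ‘onerror’ attribute. The function names, the 120-character threshold and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# A long unbroken base64-style run; the 120-character threshold is an assumption to tune.
ENCODED_RUN = re.compile(r"[A-Za-z0-9+/=]{120,}")

class ErrorPageAuditor(HTMLParser):
    """Collects suspicious constructs from an error page body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        match = ENCODED_RUN.search(data)
        if match:  # ordinary comments contain spaces and short words, not long runs
            self.findings.append(("encoded-comment", len(match.group(0))))

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        for name, value in attrs:
            if name == "onerror" and value:  # script attached to an image tag
                self.findings.append(("img-onerror", len(value)))

def audit_error_page(html):
    """Return a list of (finding, length) tuples for one page body."""
    auditor = ErrorPageAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

def audit_responses(responses):
    """responses maps a requested nonexistent path to (status, body)."""
    report = {}
    for path, (status, body) in responses.items():
        findings = audit_error_page(body) if status == 404 else []
        if findings:
            report[path] = findings
    return report

# Constructed sample data: a benign base64 placeholder stands in for an encoded payload.
PLACEHOLDER = "QUJD" * 50
CLEAN_404 = "<html><body><!-- theme default --><h1>Not Found</h1><img src='/logo.png'></body></html>"
TAMPERED_404 = ("<html><body><!-- " + PLACEHOLDER + " --><h1>Not Found</h1>"
                "<img src='/x.png' onerror='handler()'></body></html>")
SAMPLE = {"/no-such-page": (404, TAMPERED_404), "/also-missing": (404, TAMPERED_404)}

if __name__ == "__main__":
    for path, findings in audit_responses(SAMPLE).items():
        print(path, findings)
```

Findings that repeat across every nonexistent path indicate that the site-wide default error page itself was altered, which is what the researchers observed.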


