Encircle News!

Retro Game Arcade
, , ,

Ecommerce sites targeted by Magento payment system hack

TechRadar – All the latest technology news

A creative technique involving so-called swap files is being used to deploy persistent credit card skimmers on compromised Magento ecommerce sites, a new report from cybersecurity researchers Sucuri has warned.

“When files are edited directly via SSH the server will create a temporary 'swap' version in case the editor crashes, which prevents the entire contents from being lost,” the researchers explained. 

“It became evident that the attackers were leveraging a swap file to keep the malware present on the server and evade normal methods of detection.”

Swap files and fake Amazon domains

In order to create the temporary swap version, the attacker first needs access to the Magento site. For this particular instance, it wasn’t known how the threat actors gained access, but it’s safe to assume it was either done via phishing, or through brute-force or credential stuffing attacks.

Furthermore, using swap files was just one of many ways the attackers ensured persistence on the site, the researchers further explained. The data stolen with the skimmer was being sent to a domain named “amazon-analytic[.]com,” registered in February 2024.

“Note the use of the brand name; this tactic of leveraging popular products and services in domain names is often used by bad actors in an attempt to evade detection,” the researchers explained. They added that the same domain was seen in other credit card theft attacks, as well.

As a result, the skimmer survived “multiple cleanup attempts,” and was exfiltrating sensitive data such as people’s names, addresses, credit card numbers, and other data needed to use the cards elsewhere.

The name of the compromised website is unknown. We also don’t know how long it was compromised, or how many people have had their data stolen this way. We also don’t know if the data was already used anywhere, either to make fraudulent purchases, or sold on the dark web. Some criminals use stolen credit card data to purchase malicious ad campaigns, which are often seen on Google, Facebook, LinkedIn, and other popular sites.

Via The Hacker News

More from TechRadar Pro

https://www.techradar.com/pro/security/ecommerce-sites-targeted-by-magento-payment-system-hack

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

July 2024
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Stremaing the Olympics This Week in Tech (Audio)

Biden drops out of the race via tweet "CrowdStrike update that caused global outage likely skipped checks, experts say Amazon's Prime Day causes worker injuries, Senate probe finds Kaspersky Lab Closing U.S. Division; Laying Off Workers Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks The Paris Olympics Will Show Us the Future of Sports on TV Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures FBI Used New Cellebrite Software to Access Trump Shooter's Phone Hundreds more Californians get housing with Apple's help Microsoft's new AI system 'SpreadsheetLLM' unlocks insights from spreadsheets, boosting enterprise productivity Bethesda Game Studios workers unionize under Communications Workers of America Host: Leo Laporte Guests: Lisa Schmeiser, Ashley Esqueda, and Anthony Ha Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit – use code: TWIT lookout.com mintmobile.com/twit NetSuite.com/TWIT motific.ai
  1. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Stremaing the Olympics
  2. TWiT 988: Flaming Corn Maze – AT&T Breach, Galaxy Z Fold6, Olympic Disinfo
  3. TWiT 987: Often Plagiarized, Never Equalled – Sapce Junk, Threads Hits 175M Users, AIndependence
  4. TWiT 986: Our Dope GPS! – Supreme Court Decisions, Snapdragon X Elite Tests
  5. TWiT 985: TikTok With Wings – AT&T Landlines, US Bans Kaspersky and DJI