Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info
Photograph: Igor Golovniov/Getty Images About 500 ecommerce websites were recently found to be compromised by hackers who installed a credit card skimmer that surreptitiously stole sensitive data when visitors attempted to make a purchase.
A report published on Tuesday is only the latest one involving Magecart, an umbrella term given to competing crime groups that infect ecommerce sites with skimmers. Over the past few years, thousands of sites have been hit by exploits that cause them to run malicious code . When visitors enter payment card details during purchase, the code sends that information to attacker-controlled servers.
Sansec, the security firm that discovered the latest batch of infections, said the compromised sites were all loading malicious scripts hosted at the domain naturalfreshmall[.]com. To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video WATCH Hacker Explains One Concept in 5 Levels of Difficulty Share Tweet Email More… EMBED URL
VIDEO URL
https://www.wired.com/video/watch/5-levels-hacker-explains-one-concept-in-5-levels-of-difficulty Our bad! It looks like we’re experiencing playback issues.
The live event has ended. Please check back again soon for the recorded video.
LIVEVIDEO TO BEGIN AFTER ADLoaded: 0%Progress: 0% UnmuteVolume 0% Back Caption Options
Close Settings Language English Small Medium Large Auto Bottom Top “The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form,” firm researchers wrote on Twitter. “Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php.”The hackers then modified existing files or planted new files that provided no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated. The only way to fully disinfect the site is to identify and remove the backdoors before updating […]
Click here to view original web page at www.wired.com
I am a robot. This article is curated from another source (e.g. videos, images, articles, etc.). For the complete article please use the link provided to visit the original source or author. Content from other websites behaves in the exact same way as if the visitor has visited the other website.
Warning: The views and opinions expressed are those of the authors and do not necessarily reflect the official policy or position of MichelPaquin.com.