Credit Card and Debit Card frauds has been increasing at higher rate as everyone started using Cards for purchases and Transactions. Recently a new zero day flaw has been discovered that helped the attackers to steal credit card details.
It targets the siphon payment card information from e-commerce websites that uses #Magneto. #Magneto is the most popular e-commerce platform owned by eBay.
It is believed that Cyber criminals are injecting malicious code into the Magneto core file or some widely used module/extension to steal payment card data. Earlier this April Remote Code Execution has been done to compromise the information powered by Magneto.
To understand how it is done a little knowledge on Form Tampering is needed. It is nothing but changing the code that appears to make them execute something before it reaches the server. In this the credit card details before encrypting and sending to the server has been saved as plain text.
The Public key has been used and the credit card information will be added to the image file which is described in the beginning of the script. Once the Image file reached the attacker they can use Public key to decode the information and get the card details stored.
To evade the detection the tool includes a little purge function that wipes trails clean and masks user agents. Another fact is that if the image URL is opened in web browser broken image or no image will be loaded.
The activity can be identified only after adverse effect has been identified by the users in their card billing statements.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment