The most popular platform which is owned by eBay is exploited an unknown flaw by hackers to siphon payment card information from e-commerce websites that use Magento. Hackers stealing the credit card information of the users.
Security Researchers from Sucuri are investigating the attack vector and the believe that cyber criminals are injecting the malicious code into the Magento core file or in the module or extension that are widely used by the users or developers, in order to steal the payment card data.
Hackers are able to fully compromised the online store which is powered by Magento with a critical Remote Code Execution flaw in Magento which gave them access to the credit card data and other financial and personal information related to the customers.
Peter Gramantik, senior malware researcher from Sucuri have found and attack script that pilfers the content of every post request and identifies payment card data before storing it in an encrypted form that only the attacker can decrypt.
"In the worst cases it will not become apparent until they appear on your statements", Gramantik Said.
Coincidentally, if anyone tries to load this "image" file via the web browser, "all the visitor would see is the broken image" and nothing more. However, the cybercrook can download the complete "image" file and decrypt the stolen data using Public Key in an attempt to siphon all the billing information processed by the Magento e-commerce website.
Security Researchers from Sucuri are investigating the attack vector and the believe that cyber criminals are injecting the malicious code into the Magento core file or in the module or extension that are widely used by the users or developers, in order to steal the payment card data.
Hackers are able to fully compromised the online store which is powered by Magento with a critical Remote Code Execution flaw in Magento which gave them access to the credit card data and other financial and personal information related to the customers.
Peter Gramantik, senior malware researcher from Sucuri have found and attack script that pilfers the content of every post request and identifies payment card data before storing it in an encrypted form that only the attacker can decrypt.
"In the worst cases it will not become apparent until they appear on your statements", Gramantik Said.
Coincidentally, if anyone tries to load this "image" file via the web browser, "all the visitor would see is the broken image" and nothing more. However, the cybercrook can download the complete "image" file and decrypt the stolen data using Public Key in an attempt to siphon all the billing information processed by the Magento e-commerce website.
No comments:
Post a Comment