Credit Card Skimmer Impersonating Sucuri, Magento Stores to Steal “CC” Data

At the beginning of this September, security researchers detected cyberattacks against retailers running the Magento 1.x e-commerce platform, and they have attributed the attacks to a single group.

A credit card skimming malware campaign impersonates the security company ‘Sucuri’ to steal customer data from the infected e-commerce stores.

The report presented by the security experts states that this group has carried out a vast number of different Magecart attacks, which usually compromise a large number of websites with the help of supply chain attacks.

The stolen data contains sensitive customer information, including first name, last name, address, phone number, and credit card details.

Digital credit card skimming attack

According to the report, a digital credit card skimming attack is a web-based skimming attack. In this kind of attack, the threat actors first inject malicious JavaScript code into websites or e-commerce stores.

The threat actors can thereby infect these sites with malware and eventually steal the credentials and sensitive payment data of the website's customers.

The digital skimmer’s malicious code is often located at the user input forms on the website's payment checkout page, which normally collect the user's input. It generates an iframe along with a fake payment method to steal the users' credit card data.

Traits of the Magento Credit Card Skimmer

The Magento credit card skimming malware shows the following traits:

  • Customers complain about unrecognized purchases and activity on their credit cards after using them at the store.
  • Emails arrive from the payment provider or bank warning about the store’s payment gateway.
  • An additional payment method that the user does not recognize has been added to the store.
  • Code containing the term ‘Sucuri’ has been added to the website.

Hackers are Targeting Stores and Fooling Users

The security experts are investigating the malware thoroughly, and they found how these threat actors attack stores and mislead users.

These threat actors are actively planting this credit card skimming malware in e-commerce websites, deceiving site visitors and convincing them to enter their sensitive information at checkout.

The experts also noted where the malicious credit card skimmer code is placed: the malware is present in /app/code/core/Mage/Paym. As part of this, the threat actors add a function, $this->sucuri_encrypted().

This function enables the threat actors to exfiltrate the data entered by a user during the checkout process.
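One way to check a Magento 1.x tree for the indicators named above, as an added example that is not code from the original report: it searches PHP files under app/code/core/Mage for the sucuri_encrypted function and the term ‘Sucuri’. The regexes, the Example/Model directory, the file names and the sample contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the article, most specific first (regexes are constructed).
INDICATORS = [
    ("definition", re.compile(r"function\s+sucuri_encrypted\s*\(", re.I)),
    ("call", re.compile(r"->\s*sucuri_encrypted\s*\(", re.I)),
    ("term", re.compile(r"sucuri", re.I)),
]
PHP_SUFFIXES = {".php", ".phtml"}


def scan_magento_core(root):
    """Return (relative_path, line_no, kind) hits under app/code/core/Mage."""
    root = Path(root)
    core = root / "app" / "code" / "core" / "Mage"
    hits = []
    for path in sorted(core.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        for no, line in enumerate(text.splitlines(), 1):
            kind = next((k for k, rx in INDICATORS if rx.search(line)), None)
            if kind:
                hits.append((path.relative_to(root).as_posix(), no, kind))
    return hits


def build_constructed_tree(base):
    """Constructed sample tree: not real Magento code, no working payload."""
    mod = Path(base) / "app" / "code" / "core" / "Mage" / "Example" / "Model"
    mod.mkdir(parents=True)
    (mod / "Clean.php").write_text("<?php\nclass Clean { function save() {} }\n")
    (mod / "Tampered.php").write_text(
        "<?php\nclass Tampered {\n"
        "  function save($d) { $this->sucuri_encrypted($d); }\n"
        "  function sucuri_encrypted($d) { /* placeholder */ }\n"
        "}\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in scan_magento_core(build_constructed_tree(tmp)):
            print(*hit)
```

Hits are leads for manual review; compare each flagged file against a clean copy of the same Magento release before drawing conclusions.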

Protect Your e-commerce Store

E-commerce websites infected with this malware may experience a massive loss in income and customer trust, because their customers’ sensitive data has been stolen with the help of this malware.

After the hackers steal the data, legitimate orders are not placed, or the payments are not made. That’s why the cybersecurity experts have advised site owners to take all security measures in advance, so that they can protect their sites and customer data from this kind of credit card skimmer or any other malware campaign.

Apart from this, the security experts are still investigating the procedure and trying to counter these malware campaigns so that they can share accurate information on this matter with all website owners.

Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.