Hackers from the Magecart group learned to insert a malicious script into pages that block access to web resources with the 404 error code, stealing bank card data from visitors of popular online stores. In this respect reports The BleepingComputer post cites research from the Akamai Security Intelligence Group (ASIG).
A new malicious campaign targets online stores built on the most popular e-commerce web platforms Magento and WooCommerce. Attackers hack such sites and insert web skimmers and modules into their code to steal bank card data. Skimmers are downloaded to victims’ devices from pages containing 404 errors. Attackers themselves can arrange a situation where the user sees a 404 error instead of the online store interface.
After installing this page and the web skimmer, when reopening the online store, the user will see a fake form that transmits the received information to hackers for entering payment data.
“This technique is innovative and something we haven’t seen in previous Magecart campaigns. The idea of manipulating a standard 404 error page on the target site gives attackers a variety of creative options to enhance privacy and evade detection,” the ASIG report said.
According to researchers, hacker injections are poorly detected by administrators of compromised sites. For analytical systems, the overhead of the malicious module is defined as legitimate.
Hackers before learned Find owners of Bluetooth devices.