A detailed analysis of a multi-stage card skimming attack exploiting outdated Magento software and fake image files.
In today’s post we’re going to review a sophisticated, multi-stage carding attack on a Magento eCommerce website. This malware leveraged a fake gif image file, local browser sessionStorage data, and tampered with the website traffic using a malicious reverse-proxy server to facilitate the theft of credit card data, login details, cookies, and other sensitive data from the compromised website.
The client was experiencing some strange behaviour on their checkout page, including clients unable to input their card details normally, and orders not going through. They contacted us for assistance. Thinking this would be a straightforward case of credit card theft instead what we found was actually a fascinating and rather advanced malware which we will explore in detail in this post.
Hidden malware strikes WordPress mu-plugins. Our latest findings reveal how to safeguard your site against these threats.
Learn about the fake Google reCAPTCHA campaign infecting machines by tricking unsuspecting users into running malicious Powershell commands.
Dive into our investigation of WordPress malware and find out how mu-plugins are used to hide backdoor threats.
Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.
Learn about the ClearFake Trojan malware distributed via WordPress sites, its tactics, and how to safeguard your online experience.
Learn about the fake Google Chrome update malware, a common form of website malware that tricks users into downloading a remote access trojan disguised as a browser update. Understand how it works, its impact on websites, and how to protect your site from such threats. Stay updated on the latest malware trends with Sucuri.
Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.
A synopsis of the massive ongoing WordPress malware campaign: Balada Injector, including common techniques, functionalities, and vulnerability exploits used in attacks.
Learn how fake URL shorteners are redirecting hacked website traffic to crypto themed websites to generate fraudulent AdSense revenue.
Learn how attackers are redirecting WordPress website visitors to fake Q&A sites via ois[.]is. Nearly 15,000 websites affected by this malware so far.
We reveal how hackers have begun leveraging fake DDoS protection pages to trick users into downloading remote access trojans (RATs) onto their computers.
