Credit Card Stealer Targets PsiGate Payment Gateway Software

Magento’s payment provider gateway offers functionalities for site owners to integrate stores with payment service providers. This handy feature lets a website create and handle transactions based on order details and allows for out-of-the-box integrations with payment service providers like PayPal and Braintree.

Because these gateway modules sit exactly where the store receives and forwards card numbers and personal details, they are an attractive place for attackers to plant a skimmer: code that runs inside a payment module sees the card data in cleartext, so it is not surprising to find payment gateway software itself being modified by bad actors to steal sensitive details from vulnerable e-commerce websites.

Continue reading Credit Card Stealer Targets PsiGate Payment Gateway Software at Sucuri Blog.

Analyzing a WooCommerce Credit Card Skimmer

The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection.

During a recent investigation of an infected WordPress website, we discovered an obfuscated credit card stealer hiding amongst the website's theme files, which was capturing credit card details submitted through the WooCommerce plugin's checkout and exfiltrating them to the attacker.

Let’s dive into how we identified the skimmer and analyze its malicious behavior.

Continue reading Analyzing a WooCommerce Credit Card Skimmer at Sucuri Blog.

X-Cart Skimmer with DOM-based Obfuscation

Our lead security analyst Liam Smith recently worked on an infected X-Cart website and found two interesting credit card stealers there — one skimmer located server-side, the other client-side.

X-Cart’s e-commerce platform is not nearly as popular as Magento or WooCommerce and as a result we don’t see as many threat actors targeting it. While we do still regularly find skimmers on X-Cart sites, they are usually more customized and don’t look like typical Magecart malware.

Continue reading X-Cart Skimmer with DOM-based Obfuscation at Sucuri Blog.

Massive WordPress JavaScript Injection Campaign Redirects to Ads

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic.

As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into compromised WordPress websites. This campaign leverages known vulnerabilities in WordPress themes and plugins and has impacted an enormous number of websites over the year — for example, according to PublicWWW, the April wave for this campaign was responsible for nearly 6,000 infected websites alone.

Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads at Sucuri Blog.

Examining Emerging Backdoors

Next up in our “This didn’t quite make it into the 2021 Threat Report, but is still really cool” series: New backdoors!

Backdoors are a crucial component of a website infection. They allow the attackers ongoing access to the compromised environment and provide them a “foot in the door” to execute their payload. We see many different types of backdoors with varying functionality.

When our malware research team is provided with a new backdoor, they need to write what's called a "signature" (a pattern that matches the malicious code) to ensure that we detect and remove it in future security scans.
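To make the idea of a detection signature concrete, here is a small added example (written for this page, not Sucuri's scanner or its real signature set) of a signature-based scanner that walks a set of PHP files and reports which patterns matched and on which line. The patterns are illustrative generalizations of traits the posts above describe (a decoder feeding `eval()`, a request parameter called as a function, card-field reads outside a payment module); the file contents are constructed samples, and the path names and the `Signature`/`scan_files` names are this example's own.

```python
"""Toy signature scanner for PHP backdoors and skimmers (added example).

Each Signature is a named regex plus a description. scan_text() returns
(signature_name, line_number) pairs so a remediation engineer can jump
straight to the offending line; scan_files() runs that over many files.
"""
import re
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    description: str


# Illustrative signatures; real-world signature sets are far larger and are
# tuned against false positives on legitimate plugin/theme code.
SIGNATURES = [
    Signature(
        "php.eval_decoder",
        re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
        "eval() fed directly by a decoder: classic obfuscated backdoor loader",
    ),
    Signature(
        "php.request_param_as_function",
        re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
        "request parameter invoked as a function name (remote code execution)",
    ),
    Signature(
        "php.preg_replace_e_modifier",
        re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]", re.I),
        "preg_replace() with the /e modifier, which evaluates the replacement",
    ),
    Signature(
        "php.card_field_harvest",
        re.compile(r"\$_POST\s*\[\s*['\"][^'\"]*(?:card|cc[_-]?num|cvv|cvc)[^'\"]*['\"]\s*\]", re.I),
        "card-data POST fields read server-side in a theme file",
    ),
]


def scan_text(text: str) -> list[tuple[str, int]]:
    """Return (signature name, 1-based line number) for every match in text."""
    hits = []
    for sig in SIGNATURES:
        for m in sig.pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            hits.append((sig.name, line_no))
    return hits


def scan_files(files: dict[str, str]) -> dict[str, list[tuple[str, int]]]:
    """Scan a mapping of path -> file content; only paths with hits are returned."""
    results = {}
    for path, content in files.items():
        hits = scan_text(content)
        if hits:
            results[path] = hits
    return results


def scan_directory(root: str, suffix: str = ".php") -> dict[str, list[tuple[str, int]]]:
    """Convenience wrapper: read every *.php under root from disk and scan it."""
    files = {
        str(p): p.read_text(errors="replace")
        for p in Path(root).rglob("*" + suffix)
        if p.is_file()
    }
    return scan_files(files)


# Constructed sample theme files (not real malware): one clean file, one
# obfuscated loader disguised as a cache helper, one card-harvesting header.
SAMPLE_FILES = {
    "wp-content/themes/shop/functions.php":
        "<?php\nadd_action('init', 'shop_setup');\n"
        "function shop_setup() { load_theme_textdomain('shop'); }\n",
    "wp-content/themes/shop/inc/class-wp-cache.php":
        "<?php\n// looks like a cache helper\n"
        "$k = 'constructed-payload-placeholder';\n"
        "eval(base64_decode($k));\n",
    "wp-content/themes/shop/header.php":
        "<?php\nif (isset($_POST['card_number'])) {\n"
        "    $d = $_POST['card_number'] . '|' . $_POST['cvv'];\n"
        "    file_put_contents('/tmp/.c', $d, FILE_APPEND);\n}\n",
}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        for name, line in hits:
            print(f"{path}:{line}: {name}")
```

Running the block flags only the two planted files: the disguised cache helper on the `eval(base64_decode(...))` line and the header on both lines that read card fields, while the clean `functions.php` produces no output. A signature like `php.card_field_harvest` is deliberately narrow to theme files; the same read inside a genuine payment module would be expected, which is why real scanners pair patterns with context such as file location and file integrity against the known-good plugin release.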

Continue reading Examining Emerging Backdoors at Sucuri Blog.
