Researchers have discovered two new tricks actively used by a hacker group called the Magecart hackers to steal payment card details. Their targets are mainly e-commerce websites and any other platform that holds customers’ payment details.
Researchers have discovered that Magecart hackers steal payment card details using two techniques. One of these is steganography: hiding code inside an unsuspicious file, such as an image, to launch an attack.
According to Jerome Segura, director of threat intelligence at Malwarebytes, a Twitter user discovered an image that was actually a credit card skimmer. The image looked like any other free-shipping ribbon but contained a malicious script that can steal payment card details.
According to Segura, the Magecart hackers have also resorted to another trick: using the WebSocket protocol for communication instead of HTTP. The WebSocket protocol supports real-time data transfer. However, Segura stated that the hackers are not interested in this ability.
According to him, WebSocket provides a more covert way for hackers to exchange data than the usual HTTP request-response. Over the years, hackers have changed their approach whenever the old one gets exposed. Many of them have developed more potent and less suspicious ways of stealing payment card details to be uploaded to the dark web for sale.
The number of successful attacks by Magecart hackers using this approach was not revealed, but it is likely that many people have already fallen victim to this silent but potent method, just as with the group's previous successful attempts.
The discoverer of the method advised that the best way to defend against this WebSocket approach is to adjust the connect-src setting in the web page's Content Security Policy. According to the report, this controls which URLs can be loaded using script interfaces. The Magecart hackers are allegedly made up of about twelve criminal groups.
Their sole mission is to steal payment card details from e-commerce websites and other companies and sell them on the dark web for other criminals to use for further damage. According to research, thousands of websites have been infected by malicious links used by the Magecart hackers.
Reportedly, the hackers made the modification with a simple piece of code that redirects payment card details to the hackers’ server whenever someone clicks the “submit” button after entering payment card information. Most of these created forms look legitimate and are very difficult to suspect. Besides the Magecart hackers, many other hackers have used similar methods to steal millions of credit card details.
Most e-commerce websites do not store customers’ payment card details. Because of this, hackers mostly do not attack the platforms directly but redirect the payment details customers enter to a fake form created by the threat actor. To stay safe from this, it is important for e-commerce websites to scan their platforms constantly to ensure the safety of customers.
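One way to act on the connect-src advice above is to lint a site's Content-Security-Policy header for entries that place no host restriction on script-initiated connections, which include WebSocket. This is an added example, not code from the report or from Malwarebytes; the function names, sample policies and the shop.example host are constructed for illustration.

```javascript
// Added example: lint a Content-Security-Policy header for connect-src gaps.

// Parse a CSP header value into Map(directive -> [source expressions]).
// Directive names are case-insensitive; a repeated directive is ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Sources that name no specific host: "*", a bare scheme, or scheme://*.
const BROAD = /^(\*|(https?|wss?):(\/\/\*)?)$/i;

function auditConnectSrc(header) {
  const policy = parseCsp(header);
  // connect-src falls back to default-src when it is absent.
  const directive = ['connect-src', 'default-src'].find((d) => policy.has(d)) || null;
  if (directive === null) {
    // Neither directive present: script-initiated connections are unrestricted.
    return { directive, broad: [], hosts: [], restricted: false };
  }
  const sources = policy.get(directive);
  const broad = sources.filter((s) => BROAD.test(s));
  // Quoted keywords ('self', 'none') are not host entries.
  const hosts = sources.filter((s) => !BROAD.test(s) && !s.startsWith("'"));
  return { directive, broad, hosts, restricted: broad.length === 0 };
}

// Constructed sample policies; shop.example is a placeholder host.
const SAMPLES = {
  missing: "script-src 'self'",
  fallback: "default-src 'self' https: wss:; script-src 'self'",
  pinned: "default-src 'self'; Connect-Src 'self' wss://chat.shop.example; connect-src *",
};

for (const [name, header] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditConnectSrc(header)));
}
```

A policy reported with `restricted: false` leaves a skimmer free to open a connection to any host; the `hosts` list is what a reviewer compares against the endpoints the checkout page legitimately needs.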