MageCart Group12 Employing New Technique to Target E-Commerce Websites

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

MageCart Group12 is known for targeting e-commerce websites with the goal of skimming payment information from online shoppers and selling them on the dark web. The credit-card skimmer group is using PHP web shells to secure remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply installed into vulnerable sites to log the information keyed into online checkout sites.

Researchers from Sucuri have learned that the scammers are saving their stolen credit-card data in .JPG files until they could be exfiltrated from compromised e-Commerce sites running Magento. Most users are stuck in an old version of Magento and are unable to upgrade because they do not have sufficient funds to hire the developer back once their site becomes out-of-date and vulnerable. 

The cost to migrate a Magento 1 website (which had its end of life in 2020) to the more secure Magento 2 ranges from $5,000 to $50,000. Researchers believe that Magecart will continue to evolve and enhance its attacking techniques as long as its cybercrimes keep turning a profit. 

“The file named Magento.png attempts to pass itself as ‘image/png’ but does not have the proper .PNG format for a valid image file. The way it is injected in compromised sites is by

[…]

Read the original article: MageCart Group12 Employing New Technique to Target E-Commerce Websites