Magecart Attackers’ Core Technique Busted!


In a recent investigation, researchers from Sucuri, a website security firm, discovered how Magecart attackers conceal their activities while stealing users’ credit card data on a popular eCommerce platform. The attackers use a fake JPG file to gain access, operate in disguise, and retain the stolen data without attracting attention from website owners.

In 2020, over 8.3 billion data breaches were registered, with Whisper and Twitter accounts, among others, witnessing the highest attacks. Online payment gateways and eCommerce websites are especially exposed to these threats because of the credit card information they exchange. Magento is one of the most widely used open-source eCommerce platforms, with more than one hundred thousand websites built on it.

In Sucuri’s investigation of a compromised Magento 2 eCommerce website, it was found that the attackers place malicious code on the website and then save the credit card data they have stolen. This data is stored in a JPG file, which allows the attackers to use it in the future.

How It’s Done! 

Specifically, a POST request sent to the web server asks it to accept the data enclosed in the body of the request message. In this way, the data is stored and exposed to the checkout page. POST is usually used in online transactions when an individual uploads a file to a website or submits a completed form.

The attackers then introduce PHP code into a file, and this code creates a JPG file that the cybercriminals use to store data from the breached site. By doing this, the attackers can access and retrieve the data without being detected.
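For site owners who want to check a web root for the pattern described above, here is an added example that is not code from Sucuri or from the original article. It flags files with an image extension whose leading bytes are not a real image header, and PHP files that both read POST data and write to an image path. The function names, sample file names and both heuristics are assumptions made for illustration.

```python
import os
import re
import tempfile

# Leading "magic" bytes of genuine image files, keyed by extension.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Heuristic (assumption): PHP that reads request data and writes to an image path.
READS_POST = re.compile(rb"\$_(POST|REQUEST)\b")
WRITES_IMAGE = re.compile(
    rb"(file_put_contents|fopen|fwrite)\s*\([^;]*\.(jpe?g|png|gif)\b", re.I)

def scan(root):
    """Return (fake_images, suspect_php) as sorted lists of relative paths."""
    fake, suspect = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)  # cap the bytes read per file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if ext in MAGIC and not data.startswith(MAGIC[ext]):
                fake.append(rel)  # image extension without an image header
            elif ext in (".php", ".phtml") and READS_POST.search(data) and WRITES_IMAGE.search(data):
                suspect.append(rel)
    return sorted(fake), sorted(suspect)

def demo():
    """Build a constructed sample web root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # all file names and contents below are constructed
            "logo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
            "banner.jpg": b"constructed sample text, not image data\n",
            "Helper.php": b"<?php file_put_contents('banner.jpg', $_POST['x'], FILE_APPEND);",
            "index.php": b"<?php echo 'hello';",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```

A hit from either heuristic is a lead for manual review, not proof of compromise: legitimate upload handlers also write image files from request data.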

Web Payments & eCommerce Platforms

Although Magento Commerce software seems to be the prey in this case, all open-source eCommerce platforms are susceptible to attacks. Magento 2, just like other platforms, issues updated security protocols, but attackers always find ways to disguise their activities.

For those who may not know, Magecart is a collection of hacker groups that use the same tactics to attack eCommerce websites. They hide their operations in functionality that appears to be legitimate and authentic. In this way, personal information and credit card details are exposed for their malicious gain.

Findings indicate that Magecart attackers took advantage of PayPal iframes to gain access to users’ data. Similarly, Magento also became a victim used to accomplish the attackers’ goals. Once cybercriminals get hold of the users’ data, they can use it in any way or even auction it.

Therefore, as a web design or development agency, it’s crucial to follow upgraded security protocols to safeguard users’ data. Website owners should pay close attention to which requests they respond to, choose a reliable hosting solution, and avoid requesting and keeping customers’ data.

Website users should also be vigilant about which websites they sign into. Optimizing your online security guidelines can help you escape a string of painful attacks. We believe that this crackdown can help provide insights to website security organizations.

About Umair Saddique

My name is Umair Saddique, admin of Storifygo, and I am a student at the Comsats University Islamabad. I started my graduation in 2016 and graduated in 2020. I'm a professional article and blog writer, have written dozens of pieces of content on different topics, and have worked with professionals all over the globe. Feel free to contact me for any assistance.
