This sneaky credit card thief hides in payment processors to avoid security scans
A sneaky new credit card thief has been discovered hiding in hard-to-scan places and stealing payment information without triggering an alarm.
A report from cybersecurity experts Sucuri details how it came across the malware when it was called in to investigate an “unusual infection” at one of its customers’ payment endpoints.
It turned out that the malware was hiding in the site’s WooCommerce payment gateway module, called Authorize.net, which processes payment data at checkout. Because this module works after the user submits data at checkout, cybersecurity solutions have a harder time detecting potentially malicious code hidden within it.
No vulnerabilities
Typically, attackers inject malicious code into the store’s HTML containing customer checkout pages. The code then grabs the data entered during checkout, giving hackers access to sensitive data such as full credit card numbers, CVV numbers, expiration dates, phone numbers, email addresses, and other important information.
But today’s cybersecurity solutions can scan the HTML code for malware and thus keep the e-commerce sites safe.
So this creative malware developer turned instead to the payment processing system Authorize.net, which is reportedly used by over 400,000 merchants around the world.
However, neither the WordPress e-commerce plugin WooCommerce nor the Authorize.net payment gateway has any flaws or vulnerabilities, Sucuri stressed.
“Overall, they are both robust and secure payment platforms that are completely safe to use. Instead, this article emphasizes the importance of maintaining a good security posture and locking down environments to prevent manipulation by threat actors.”
“Like any piece of software, if malicious actors penetrate an environment, they can tamper with existing controls,” they conclude.
To stay safe, companies are advised to monitor file integrity, keep a close eye on modified files, and “take every possible route to keep attackers at bay”.
Via: BleepingComputer