Malware Hides Credit Card Data From E-Commerce Stores in JPG File

Researchers at website security company Sucuri report a sneaky method to steal payment card data from compromised online stores. 

Hackers have come up with a way to siphon the data without raising suspicion or being detected. They do not try to send the card info, which would likely result in detection. Instead, the hackers hide it in a JPG image and store it on the compromised website.

Sucuri researchers have been investigating an online shop running Magento version 2 that was compromised in a series of incidents known as Magecart attacks, which started years ago. In these attacks, cybercriminals gain access to a store and plant malicious code that steals customer card data at checkout.

The malware captured the information from the checkout page delivered through the Customer_ parameter. The data submitted on the checkout page and present in the Customer_ parameter includes payment card details, phone number, and postal address. If the customer was logged in, the code also stole the email address. 

But unlike in other attacks, this time the researchers found a PHP file that loads additional malicious code by creating and calling the getAuthenticates function, Sucuri said in a blog post.

The code also creates a JPG image that the malware uses to store encoded payment card information.

Attackers can download the JPG file without triggering any alarms, as it looks like a regular download process initiated by the user.

The stolen card information can be used for credit card fraud or to deploy more targeted phishing or spam campaigns.

Sucuri says that website owners will likely miss this intrusion when checking for an infection, as the method is very stealthy. But they say integrity control checks and website monitoring tools should be able to detect things like code modifications and newly added files.
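A minimal sketch of the integrity check mentioned above, added here as an illustration and not taken from Sucuri or from Magento: it hashes a web root, compares it with a stored baseline, and reports new and modified files. The extra check for `.jpg` files that do not start with JPEG magic bytes is an assumption about how such a data file might look, and all file names and contents are constructed samples.

```python
import hashlib
import os
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"  # a real JPEG stream always starts with these bytes

def snapshot(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Return sorted (added, modified, removed) paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, modified, removed

def not_really_jpeg(root, paths):
    """Of the given paths, list those named .jpg/.jpeg whose content lacks JPEG magic."""
    flagged = []
    for rel in paths:
        if rel.lower().endswith((".jpg", ".jpeg")):
            with open(os.path.join(root, rel), "rb") as fh:
                if fh.read(3) != JPEG_MAGIC:
                    flagged.append(rel)
    return flagged

def _write(root, rel, data):
    with open(os.path.join(root, rel), "wb") as fh:
        fh.write(data)

def demo():
    """Constructed web root: take a baseline, simulate drift, report it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "media"))
        _write(root, "index.php", b"<?php echo 'shop';")
        _write(root, "media/logo.jpg", JPEG_MAGIC + b"\xe0constructed image bytes")
        baseline = snapshot(root)
        _write(root, "index.php", b"<?php echo 'shop'; /* constructed change */")
        _write(root, "media/banner.jpg", b"Y29uc3RydWN0ZWQgc2FtcGxl")  # text, not an image
        added, modified, removed = compare(baseline, snapshot(root))
        return added, modified, removed, not_really_jpeg(root, added + modified)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be taken from a known-good deployment and kept off the web server, so that code able to write to the site cannot also rewrite the baseline.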

About the author

CIM Team