Security researchers from Sucuri say they discovered a credit card stealer that targets Magento stores where the owners are using the Braintree extension to handle credit card payments.
Braintree, a service that allows anyone to accept credit card payments, provides an extension for Magento store owners to help them handle credit card transactions via their Braintree account.
Sucuri says that crooks who manage to hack into Magento sites by one method or another are infecting them with special malware designed to steal the credit card details that users enter in the Braintree payment forms.
They say that whenever a user reaches the payment page, the credit card stealer checks the form every second to see if the user has entered anything in the fields.
Once credit card details are entered, the malware collects this data and readies it for exfiltration.
“It’s interesting how hackers transfer the stolen sensitive data to their site,” John Castro of Sucuri notes. “They dynamically build an image tag that links to the attacker-controlled ‘scriptb[.]com’ site, passing all the stolen data in the image URL parameters (not even encrypting them).”
To avoid infection, it is important that Magento store owners follow the company’s set of recommendations to harden their shop’s defenses.
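
As a detection aid for the exfiltration pattern described above (card data passed in the query string of a dynamically built image URL), the following added example, which is not Sucuri's or Magento's code, flags image requests from a checkout page that go to hosts outside an allowlist and carry Luhn-valid, card-like values. The allowlisted host names, the function names and the sample URLs (of the kind found in proxy logs or CSP reports) are assumptions constructed for illustration.

```javascript
// Added example, not Sucuri's code. Host names and sample URLs are constructed.
const ALLOWED_IMG_HOSTS = new Set(["shop.example", "cdn.shop.example"]);

// Luhn checksum: true for digit strings that pass the card-number check.
function luhnValid(digits) {
  let sum = 0;
  for (let i = digits.length - 1, dbl = false; i >= 0; i--, dbl = !dbl) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl && (d *= 2) > 9) d -= 9; // double every second digit from the right
    sum += d;
  }
  return sum % 10 === 0;
}

// Names of query parameters whose (decoded) value looks like a card number.
function cardLikeParams(url) {
  const hits = [];
  for (const [name, value] of url.searchParams) {
    const digits = value.replace(/[\s-]/g, "");
    if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) hits.push(name);
  }
  return hits;
}

// Classify one image URL requested while the payment page was open.
function inspectImageRequest(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, verdict: "unparseable", params: [] };
  }
  const params = cardLikeParams(url);
  const offsite = !ALLOWED_IMG_HOSTS.has(url.hostname);
  let verdict = "ok";
  if (offsite && params.length > 0) verdict = "alert"; // card data leaving the site
  else if (offsite || params.length > 0) verdict = "review"; // one signal only
  return { url: rawUrl, verdict, params };
}

// Constructed samples; 4111111111111111 is a widely used test card number.
const SAMPLE = [
  "https://cdn.shop.example/media/logo.png?v=3",
  "https://collector.invalid/p.gif?n=4111111111111111&e=12%2F30&c=123",
  "https://tracker.invalid/pixel.gif?id=1234567890123456",
];
for (const u of SAMPLE) console.log(inspectImageRequest(u));
```

Pairing a check like this with a restrictive `img-src` Content-Security-Policy directive on the payment page lets the browser block off-site image loads outright instead of only reporting them.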