E-commerce store administrators should be wary and regularly scan their site's source code for recent modifications, as two credit card stealing scripts recently discovered by the team at Sucuri show.
The first of these was uncovered last month by Sucuri's Ahmad Azizan, who discovered a piece of […] installations, in the ./catalog/checkout_confirmation.php file.
This piece of encoded PHP code was collecting data users entered on their checkout pages and was mailing it to the attacker. The credit card stealer collected everything users entered in the form, such as credit card numbers, the card bearer's name, the card's expiration date, and even the CCV number.
Today, Sucuri researchers found a similar script, unrelated to the first, but this one […] platforms.
Just like the first, this one was also collecting credit card information, the same details as above, and was emailing all this data to the firstname.lastname@example.org email address.
Sucuri’s Cesar Anjos says this credit card stealer script can be found on infected sites in the catalog/controller/payment/authorizenet_aim.php file.
Previously, this type of infection was usually found in Magento stores. Crooks like to target Magento stores more than any other platform mainly because of Magento’s dominant position in the e-commerce store building market.
“As you can see, ecommerce sites (and customers) have a lot more to lose when they get compromised as they process and deal with critical information from their users,” Anjos explained. “Whenever possible, we recommend using 3rd party providers, like Stripe or Paypal to reduce your PCI scope and do not allow credit card data to pass through your site.”
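The advice above to scan store source code for recent modifications can be turned into a small triage script. This is an added example, not Sucuri's tooling or code from the original article; the indicator patterns, the 30-day window and the sample file tree are assumptions constructed for illustration, and the output is a ranking for manual review, not a verdict.

```python
import os, re, tempfile, time
from pathlib import Path

# Triage heuristics chosen for this example (assumptions, not Sucuri signatures).
CHECKS = {
    "eval/decoder call": re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "long encoded literal": re.compile(rb"['\"][A-Za-z0-9+/=]{200,}['\"]"),
    "mail() call": re.compile(rb"(?<![\w>$])mail\s*\(", re.I),
}
SENSITIVE = ("checkout", "payment")  # path parts where card data is handled

def scan(root, max_age_days=30, now=None):
    """Rank PHP files under root by how many indicators they show."""
    now = time.time() if now is None else now
    findings = []
    for path in (p for p in Path(root).rglob("*.php") if p.is_file()):
        data = path.read_bytes()
        reasons = [label for label, rx in CHECKS.items() if rx.search(data)]
        if not reasons:
            continue  # no content indicator: nothing to triage
        rel = path.relative_to(root).as_posix()
        if any(part in rel.lower() for part in SENSITIVE):
            reasons.append("handles checkout/payment")
        if now - path.stat().st_mtime <= max_age_days * 86400:
            reasons.append("recently modified")
        findings.append((len(reasons), rel, reasons))
    return sorted(findings, reverse=True)

def demo():
    """Build a constructed store tree in a temp dir and scan it."""
    blob = "QUJD" * 60  # harmless filler standing in for an encoded payload
    files = {
        "catalog/checkout_confirmation.php": f'<?php eval(base64_decode("{blob}")); ?>',
        "catalog/contact_us.php": '<?php mail($to, $subject, $body); ?>',
        "catalog/index.php": '<?php echo "Welcome"; ?>',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        # Age the legitimate mail script so only the tampered file looks recent.
        old = time.time() - 90 * 86400
        os.utime(Path(root, "catalog/contact_us.php"), (old, old))
        return scan(root)

if __name__ == "__main__":
    for score, rel, reasons in demo():
        print(score, rel, ", ".join(reasons))
```

Encoded code can hide its own mail() call inside the payload, which is why a decoder call or long encoded literal in a checkout or payment file is ranked even when no mail() call is visible.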