Menu
Hackers hide stolen payment card data inside website product images

Hackers hide stolen payment card data inside website product images

The technique makes the compromises harder to detect and prolongs the theft

Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files.

A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.

His research also showed that in many cases these compromises go undetected for up to a year. This has to do with the poor understanding of the problem by webmasters who believe that if their sites use HTTPS or a third-party payment processor the customer data is safe. Another factor is hackers' efforts to hide their trails.

Researchers from web security firm Sucuri recently investigated an online shop compromise that wasn't detected by automated scans. On manual investigation, they noticed that one of the site's core files, called Cc.php, had recently been modified.

When analyzing the file, they found malicious code designed to steal payment card data and store it inside an image file. This technique of hiding data inside files with unsuspicious extensions, such as image files, is not new and is intended to avoid detection.

While these files masquerade as images, they are not typically functional, but this wasn't the case in the Magento hack investigated by Sucuri. The file in which the stolen payment card details were stored was actually a legitimate image depicting one of the products sold on the website.

The stolen data was appended at the end, after the image data, keeping the original image intact and viewable in a browser. This method is known as steganography and is even harder to detect than some other ways of hiding data.

"To obtain the stolen numbers, the attacker would not even have to maintain access to the site," Sucuri researcher Ben Martin said in a blog post. "The image was publicly accessible. All the attacker would need to do is download the image from the website just like any other and view its source code."

Sucuri found the same online card swiper infection on other websites, most of them from the U.S., but also from countries like Japan, Turkey, and Saudi Arabia. This means these attacks don't focus on a single country or region.

Companies who run their own online shops should monitor the integrity of their websites and investigate any suspicious modifications of existing files. Unlike other website hacks, these online skimming attacks don't generate any errors or messages that users can report back to the website owner. They simply work silently in the background.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags hacking

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments