Menu
Hackers hide stolen payment card data inside website product images

Hackers hide stolen payment card data inside website product images

The technique makes the compromises harder to detect and prolongs the theft

Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files.

A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.

His research also showed that in many cases these compromises go undetected for up to a year. This has to do with the poor understanding of the problem by webmasters who believe that if their sites use HTTPS or a third-party payment processor the customer data is safe. Another factor is hackers' efforts to hide their trails.

Researchers from web security firm Sucuri recently investigated an online shop compromise that wasn't detected by automated scans. On manual investigation, they noticed that one of the site's core files, called Cc.php, had recently been modified.

When analyzing the file, they found malicious code designed to steal payment card data and store it inside an image file. This technique of hiding data inside files with unsuspicious extensions, such as image files, is not new and is intended to avoid detection.

While these files masquerade as images, they are not typically functional, but this wasn't the case in the Magento hack investigated by Sucuri. The file in which the stolen payment card details were stored was actually a legitimate image depicting one of the products sold on the website.

The stolen data was appended at the end, after the image data, keeping the original image intact and viewable in a browser. This method is known as steganography and is even harder to detect than some other ways of hiding data.

"To obtain the stolen numbers, the attacker would not even have to maintain access to the site," Sucuri researcher Ben Martin said in a blog post. "The image was publicly accessible. All the attacker would need to do is download the image from the website just like any other and view its source code."

Sucuri found the same online card swiper infection on other websites, most of them from the U.S., but also from countries like Japan, Turkey, and Saudi Arabia. This means these attacks don't focus on a single country or region.

Companies who run their own online shops should monitor the integrity of their websites and investigate any suspicious modifications of existing files. Unlike other website hacks, these online skimming attacks don't generate any errors or messages that users can report back to the website owner. They simply work silently in the background.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags hacking

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments