Menu
Hackers hide stolen payment card data inside website product images

Hackers hide stolen payment card data inside website product images

The technique makes the compromises harder to detect and prolongs the theft

Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files.

A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.

His research also showed that in many cases these compromises go undetected for up to a year. This has to do with the poor understanding of the problem by webmasters who believe that if their sites use HTTPS or a third-party payment processor the customer data is safe. Another factor is hackers' efforts to hide their trails.

Researchers from web security firm Sucuri recently investigated an online shop compromise that wasn't detected by automated scans. On manual investigation, they noticed that one of the site's core files, called Cc.php, had recently been modified.

When analyzing the file, they found malicious code designed to steal payment card data and store it inside an image file. This technique of hiding data inside files with unsuspicious extensions, such as image files, is not new and is intended to avoid detection.

While these files masquerade as images, they are not typically functional, but this wasn't the case in the Magento hack investigated by Sucuri. The file in which the stolen payment card details were stored was actually a legitimate image depicting one of the products sold on the website.

The stolen data was appended at the end, after the image data, keeping the original image intact and viewable in a browser. This method is known as steganography and is even harder to detect than some other ways of hiding data.

"To obtain the stolen numbers, the attacker would not even have to maintain access to the site," Sucuri researcher Ben Martin said in a blog post. "The image was publicly accessible. All the attacker would need to do is download the image from the website just like any other and view its source code."

Sucuri found the same online card swiper infection on other websites, most of them from the U.S., but also from countries like Japan, Turkey, and Saudi Arabia. This means these attacks don't focus on a single country or region.

Companies who run their own online shops should monitor the integrity of their websites and investigate any suspicious modifications of existing files. Unlike other website hacks, these online skimming attacks don't generate any errors or messages that users can report back to the website owner. They simply work silently in the background.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags hacking

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments