October 10, 2023 at 06:06AM
A new Magecart campaign is using websites’ 404 error pages to conceal malicious code, according to security researcher Roman Lvovsky. The campaign targets Magento and WooCommerce websites, inserting the code directly into HTML pages and scripts. The attacks use a multi-stage process to capture and exfiltrate visitor data on checkout pages. Three variations of the campaign, including obfuscation techniques, are being used to evade security measures. Lvovsky notes that manipulating 404 error pages provides Magecart actors with creative options for improved hiding and evasion.
Key Takeaways:
– A sophisticated Magecart campaign has been observed targeting Magento and WooCommerce websites.
– The campaign involves manipulating websites’ default 404 error pages to conceal malicious code.
– The attacks use a multi-stage chain and are designed to capture sensitive information entered by visitors on checkout pages.
– The attackers obfuscate the skimmer code in three different ways: using 404 error pages, malformed HTML image tags, and fake Meta Pixel code snippets.
– The goal is to evade security measures and prolong the lifespan of the attack chain.
– Manipulating the default 404 error page offers Magecart actors creative options for improved hiding and evasion.
It is important to closely monitor website security and put measures in place to detect and prevent such attacks.
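One way to monitor for the three hiding places listed above is to audit the body your site returns for a nonexistent URL. This is an added example, not code from the article or from the researcher; the three checks (a long encoded blob in an HTML comment, an inline event handler on an image tag, an `fbq(` call in a script that never references Meta's loader host), the length threshold, and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristics: tune the threshold against your own known-good error page.
B64_BLOB = re.compile(r"[A-Za-z0-9+/=]{200,}")  # long base64-looking run
PIXEL_HOST = "connect.facebook.net"             # host of the genuine Meta Pixel loader

class ErrorPageAudit(HTMLParser):
    """Collects suspicious constructs from the body of a 404 response."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = set()
        self._script = None  # buffer for the inline <script> being read, if any

    def handle_comment(self, data):
        if B64_BLOB.search(data):
            self.findings.add("comment-blob")

    def handle_starttag(self, tag, attrs):
        names = {name for name, _ in attrs}
        if tag == "img" and any(n.startswith("on") for n in names):
            self.findings.add("img-event-handler")
        if tag == "script" and "src" not in names:
            self._script = []

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            if "fbq(" in body and PIXEL_HOST not in body:
                self.findings.add("pixel-lookalike")
            self._script = None

def audit_error_page(html):
    """Return the sorted list of findings for one error-page body."""
    parser = ErrorPageAudit()
    parser.feed(html)
    parser.close()
    return sorted(parser.findings)

# Constructed samples: a tampered-looking page and a clean one.
SAMPLE_404 = ("<html><body><h1>404 Not Found</h1><!-- " + "QUJD" * 60 + " -->"
              '<img src="x" onerror="void 0"><script>fbq("init", "0000");</script>'
              "</body></html>")
CLEAN_404 = "<html><body><h1>404 Not Found</h1><img src='/logo.png' alt='logo'></body></html>"

if __name__ == "__main__":
    print(audit_error_page(SAMPLE_404), audit_error_page(CLEAN_404))
```

Run it on a schedule against the response for a random nonexistent path and alert when the findings differ from those of the known-good error template; any hit is a prompt for manual review, not proof of compromise.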
Full Article – https://ift.tt/GtFhc1Z