"FBI: Hackers Used Malicious PHP Code to Grab Credit Card Data"

The Federal Bureau of Investigation (FBI) has issued a warning pertaining to a malicious actor stealing credit card information from the checkout pages of US firms' websites. According to the FBI, unidentified cyber actors scraped credit card data from a US business in January 2022 by injecting malicious PHP: Hypertext Preprocessor (PHP) code into the company's online checkout page and sending the scraped data to an actor-controlled server that spoofs a legitimate card processing server. The unknown cybercriminals also gained backdoor access to the victim's system by altering two files on the checkout page.

In recent years, JavaScript-based Magecart card-skimming attacks have been the primary threat to e-commerce sites. However, PHP code continues to be a significant source of card skimming activity. In September 2020, the attackers began targeting US businesses by placing malicious PHP code into customized online checkout pages, but the actors switched methods earlier this year, employing a different PHP code. The actors use a debugging function to create a backdoor that enables the system to download two web shells onto the web server of a US corporation, providing the attackers with backdoors for further exploitation.

The FBI recommends changing the default login credentials on all systems, monitoring requests made against an e-commerce environment to identify potentially malicious activity, segregating and segmenting network systems to limit how easily cybercriminals can move from one to another, and securing all websites that transfer sensitive information using the Secure Socket Layer (SSL) protocol. This article continues to discuss the FBI's recent warning pertaining to hackers' use of malicious PHP code to steal credit card data.

ZDNet reports "FBI: Hackers Used Malicious PHP Code to Grab Credit Card Data"
