"Hackers Inject Credit Card Stealers into Payment Processing Modules"
By hiding malicious code within the 'Authorize.net' payment gateway module for WooCommerce, a new hacking campaign designed to steal credit card information is able to evade detection by security scans. Traditionally, when threat actors breached e-commerce websites such as Magento or WordPress websites running WooCommerce, they injected malicious JavaScript into the HTML of the store or customer checkout pages. These scripts then steal credit card numbers, expiration dates, CVV codes, addresses, phone numbers, and email addresses entered by customers during the checkout process. However, many online merchants now work with security software firms that check the HTML of public-facing e-commerce websites for malicious scripts, making it more difficult for threat actors to remain hidden. To evade detection, the threat actors are now injecting malicious scripts into the payment gateway modules used to process credit card payments during checkout. Since these extensions are typically only called after a customer submits credit card information and completes a purchase, it may be more difficult for cybersecurity solutions to detect them. Sucuri website security researchers found the new campaign after being asked to check an unusual infection on one of their client's systems. This article continues to discuss researchers' findings and observations regarding the new credit card-stealing hacking campaign.
Bleeping Computer reports "Hackers Inject Credit Card Stealers into Payment Processing Modules"