Skimmer for Magento sites disguises itself as Sucuri tool

A new skimmer has appeared on the Internet, designed to secretly collect payment details in online stores running on the Magento platform. To protect their creation from detection, the authors of the malicious JavaScript use the name of the well-known information security company Sucuri.

The analysis showed that the script embedded in the pages of compromised sites is not much different from its counterparts. It runs at checkout, steals data entered into a web form, and sends it to a third-party server.

The skimmer encodes the collected information in base64, using the capabilities of the Magento CMS under the Sucuri name. The malware also falsely labels the elements of the data array as belonging to sucuri_firewall.

The stolen data is exfiltrated through a legitimate gateway hosted on the network of the Dutch hosting provider Veeble. The attackers opened their account with the provider under the name sucurrin. To avoid arousing suspicion, they even set up a redirect to the original Sucuri.net site. According to researchers, the fraudulent account has already been blocked.

According to experts, strict integrity control and monitoring of security events can save Magento sites from malicious implants. Installing a reliable firewall can also help minimize risks.
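
An added example (not from the original post or from Sucuri) of the integrity control mentioned above: it compares deployed files against a trusted SHA-256 baseline and flags changed files that contain the identifiers named in the article (`sucuri_firewall`, `sucurrin`). The file names, the sample contents and the `btoa()` heuristic for base64 encoding are assumptions made for illustration.

```python
import hashlib
import re

# Indicators taken from the article: the fake array label and the hosting account name.
PAGE_INDICATORS = ("sucuri_firewall", "sucurrin")
# Assumption: base64 encoding in browser JavaScript is commonly done with btoa().
BASE64_CALL = re.compile(r"\bbtoa\s*\(")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit(baseline: dict, current: dict) -> list:
    """Compare deployed file contents with a trusted hash baseline.

    baseline: path -> SHA-256 hex digest recorded from a known-good deployment.
    current:  path -> file bytes as deployed now.
    Returns a sorted list of (path, status, reasons) for every deviating file.
    """
    findings = []
    for path, data in current.items():
        if path not in baseline:
            status = "new"
        elif baseline[path] != sha256(data):
            status = "modified"
        else:
            continue  # hash matches the baseline, nothing to report
        text = data.decode("utf-8", errors="replace")
        reasons = [i for i in PAGE_INDICATORS if i in text.lower()]
        if BASE64_CALL.search(text):
            reasons.append("base64-encoding call")
        findings.append((path, status, reasons))
    for path in baseline.keys() - current.keys():
        findings.append((path, "missing", []))
    return sorted(findings)


# Constructed sample: file names and contents are made up for illustration.
CLEAN = b"function validateForm(f) { return f.checkValidity(); }\n"
TAMPERED = CLEAN + b"var p = {sucuri_firewall: btoa(v)};\n"
BASELINE = {"js/checkout.js": sha256(CLEAN), "js/cart.js": sha256(b"cart();\n")}
CURRENT = {"js/checkout.js": TAMPERED, "js/cart.js": b"cart();\n",
           "js/helper.js": b"// loaded from sucurrin\n"}

if __name__ == "__main__":
    for path, status, reasons in audit(BASELINE, CURRENT):
        print(f"{status:9} {path}  {', '.join(reasons) or 'no known indicator'}")
```

Any file reported as new or modified deserves review even when no indicator matches, since the hash mismatch itself is the integrity signal and the string checks only help with triage.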