Researchers are encouraging developers who use Magento to remain vigilant about securely configuring their sites, as attackers have been embedding credit card swipers in sites running the open source ecommerce platform.
The swipers, or scrapers, are bits of malicious code that collect credit card numbers, login details and other information and forward it to attackers. While criminals have been targeting sites running the platform for months, they’ve only just recently started embedding that information in obscure image files.
In an even more confounding twist, in one recent instance an image that was hiding stolen credit card numbers was legitimate and publicly viewable, meaning an attacker wouldn’t even have to go to the trouble of accessing the site to get the information. They could simply view or download the image from the affected site.
While a cursory scan of the affected site came up clean, Ben Martin, Remediation Team Lead at the security firm Sucuri, eventually discovered the swiper code, along with the image file that stores the stolen credit card details, nestled in a Magento core file, “Cc.php.”
It’s rare for the image file to actually contain a real image, Martin wrote in a blog post on Monday; usually users receive an error when they try to access image files storing data. In this case, the image not only worked, it was also of a product, a perfume, being sold on the site.
“Most website owners would be none the wiser if they came across this image and opened it to make sure it worked,” Martin wrote in the blog.