image courtesy pixabay.com
Cybercriminals are focusing on the 404 error pages of e-commerce platforms, executing skimming campaigns to illicitly obtain credit card data from customers.
Miscreants are fabricating 404 error pages on retail websites, using them as a façade to conceal malicious code and abscond with credit card data from unsuspecting customers. These malicious actions have been identified by researchers from Akamai Security Intelligence Group. Bleeping Computer has reported various other methods utilized in these attacks, including embedding code within the HTML image tag’s “onerror” attribute and an image binary, creating an appearance of the Meta Pixel code snippet.
Though the primary targets of this campaign are Magento and WooCommerce sites, hackers are also directing their efforts towards reputable organizations in the food and retail sectors, as highlighted in the report.
A thorough analysis conducted by security researchers has revealed that the hackers orchestrating this campaign have tampered with the default error pages of websites to conceal malevolent code. This code presents a counterfeit form to website visitors, coaxing them to input sensitive information such as credit card numbers, expiration dates, and security codes.
Additionally, the victims are confronted with a fabricated “session timeout” error once they submit their data through the fraudulent form. Simultaneously, the information shared by them is dispatched to the hacker via an image request URL, with the data encapsulated as a query parameter. This methodology aids the attackers in evading detection by network monitoring tools, as the request appears to be a harmless image retrieval event.
Although cyber criminals have previously targeted online stores to purloin crucial user data, the strategy of manipulating error pages and employing concealment techniques is deemed “highly innovative,” marking a novel development in the realm of cyber threats, as stated in Akamai’s report.
The report underscores the constantly evolving nature of web skimming techniques, showcasing their increasing sophistication, thereby rendering detection and mitigation significantly more complex.
News Courtesy: thehindu.com