Researchers at Sucuri have found attackers using malicious code to steal bank card information from Magento.
The security researchers point out that the attackers exploit a loophole in the Magento core and know in detail how the platform works. The attacker collects all the bank information that users submit to the website. The malicious code has been placed on the website, but how the attackers get the code onto a site is not known.
The researchers indicate that the attacker can collect all the information from POST requests. Analysis of the code that collects the information shows that the bank card information is sent to a virtual image, and it is encrypted and decrypted in this picture. (I learned something from Delphi: a picture can be hidden in another picture, and code can also be hidden in a picture.)
$y0 = '/home/cloudpanel/htdocs/www.site_name_removed.ca/skin/adminhtml/default/default/images/icon_feed_bg.gif';
The researchers found a method that injects code into “Magento Checkout” to steal data. The bank card information is collected before the transaction, and then all the unencrypted information is mailed to the attacker.
Because the attackers know how the platform works, all they need to do is use a block's variable, and the bank information in this variable is unprotected. To hide, the attacker clears the traces and disguises themselves as a user agent. They also edit the picture's creation time and set it as “jpeg”.
Sucuri previously found a loophole in the same block, but this time it is more important.
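A defender-side check for the hiding technique described above, as an added example that is not from Sucuri's research or from this post: it walks a Magento tree and flags files whose image extension does not match their leading bytes, ignoring timestamps because the attacker edits them. The function names and sample files are constructed for illustration, and the check assumes the data file does not begin with a valid image header.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of the image types a Magento skin directory normally holds.
SIGNATURES = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def find_fake_images(root):
    """Return sorted paths under root whose image extension does not match their content."""
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            magics = SIGNATURES.get(ext)
            if magics is None:
                continue  # not an image extension this check knows
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                suspicious.append(path)  # an unreadable image in a web root deserves a look
                continue
            if not head.startswith(magics):
                suspicious.append(path)
    return sorted(suspicious)

def build_sample_tree(root):
    """Constructed sample data: one file with a real GIF header, one that only has the name."""
    images = os.path.join(root, "skin", "adminhtml", "default", "default", "images")
    os.makedirs(images)
    with open(os.path.join(images, "logo.gif"), "wb") as fh:
        fh.write(b"GIF89a\x01\x00\x01\x00\x80\x00\x00" + b"\x00" * 16)
    with open(os.path.join(images, "icon_feed_bg.gif"), "wb") as fh:
        fh.write(b"U2FtcGxlIGVuY3J5cHRlZCBibG9i")  # constructed placeholder bytes
    # Back-date the fake file as the post describes; the content check ignores mtime.
    os.utime(os.path.join(images, "icon_feed_bg.gif"), (1_000_000_000, 1_000_000_000))
    return images

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_fake_images(tmp):
            print("extension/content mismatch:", hit)
```

On a live store, call `find_fake_images()` on the document root and compare any hit against a clean copy of the same Magento release.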