Cyber criminals have embedded malicious code in more than five thousand websites, offering their services, and are now attacking more than fifty sites every day, installing a malicious credit card stealing script. According to Willem de Groot, who is a programmer and knows more than fifteen different programming languages, the hackers are attacking websites running an outdated version of Magento. Magento is an e-commerce platform that helps developers build an online shopping cart system.
Once the debit/credit card information is seized, the malicious code on those websites transfers the card's information to servers of the hackers' choice.
Additionally, a similar attack took place against the United States National Republican Senatorial Committee website, where people who purchased merchandise to show their support had their card details skimmed and sent to the hackers. After this hack was discovered, the organization refused to comment on anything related to this loss, nor did it guarantee the safety of the hacked information. Nevertheless, according to one report, the committee removed the malicious script in August, freeing its website from the malicious code.
On the other hand, de Groot’s research suggests that the hackers took their time in collecting the information over a period of more than five months, where they were able to collect details of around twenty thousand credit cards.
We decided to check a website from the list to see how many visitors it generated. A normal website, such as flairbeds.co.uk, has more than five thousand unique visitors. Let’s hypothetically assume that if those five thousand visitors all made a purchase, then those five thousand credit/debit cards are now sitting on the hacker’s server – literally. This is just one website; there are more than five thousand websites listed.
And let’s not forget that the hackers are increasing the numbers on this list every day.
Note: The current list published online includes a number of well-established businesses and state-sponsored organizations. If you are interested in checking the listings, click here.
“Victims vary from car makers (Audi ZA) to government (NRSC, Malaysia) to fashion (Converse, Heels.com), to pop stars (Bjork) to NGOs (Science Museum, Washington Cathedral),” says de Groot on his blog.
However, if you are thinking that this breach is only impacting the United Kingdom or the United States, you’re wrong. According to de Groot, the hackers have disturbed websites in New Zealand and Australia, including local big brands, as well as international brands who have local websites in both countries.
Furthermore, other major websites, such as the National History Museum and the Franklin Institute in the United States, are also on the list of hacked websites.
Even though some of the major brands running their online stores on the Magento platform remain unaffected, de Groot – who has his eyes on these hacks – says a new wave of these attacks will be extremely furtive.
When the developer contacted some of the website owners on the list, they responded very calmly. According to the developer, all he got was a “thank you,” saying that the websites were safe, as they were using HTTPS, or that they had the McAfee or Symantec security seal on their website.
“We do not care; our payments are handled by a 3rd party payment provider,” says a website owner, when de Groot discussed their website being affected by the malicious script. “Thanks for your suggestion, but our shop is totally safe. There is just an annoying JavaScript error.”
Well, apparently, those seals are not as effective as they seem, and all those “thank-you-we-are-safe” websites have malicious code in them. To put it simply, the script only redirects the information to the hacker’s server, making it extremely stealthy and difficult to detect.
Willem de Groot has also discovered more than five different versions of the malicious script, tailored for stealth. They come with customized remote task execution and several layers of protection, making them difficult for experts to analyze. All of these variations of the malicious code have been sent for analysis, and if you want to keep up with the research, visit de Groot's blog.
Source: Nighly Secure, Gitlab
This article (Hackers Stole Credit Cards from Over 5000 Online Stores) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.