ECOMMERCE THREATS ARE CONSTANTLY EVOLVING
The Latest Malware Targeting eCommerce Stores
The latest Quarterly eCommerce ThreatScape Report is out. Over 20,000 hacked sites were detected by ThreatView and these are the most prolific Payment Card Harvesting Malware identified:
Top 5 Loader Malware Detected:
JS_loader_parrot (linked to Parrot TDS malware) targeting Wordpress, Joomla, Drupal, Magento 1, Magento 2, OpenCart
JS_loader_firstkiss (targets checkout page) targeting Magento 2, BigCommerce, Magento 1
JS_loader_injector_google_ads (mimics Google Analytics script) targeting Wordpress, Magento 2, OpenCart, Magento 1, Joomla
JS_loader_cloudsonicwave (targets Wordpress Popup Builder) targeting Wordpress, PHP
JS_loader_kritec (loader associated with Magecart) targeting Magento 2, Wordpress, Prestashop, OpenCart, Magento 1, OpenMage.
Top 5 Skimmer Malware Detected:
JS_skimmer_z3r0day (part of the Cardbleed family) targeting Magento 1, Magento 2, Wordpress, Squarespace
JS_Skimmer_Gclon targeting Magento 1, Magento 2
JS_skimmer_united81 (considered part of Magecart family) targeting Magento 1, Magento 2, Wordpress, Drupal
JS_skimmer_dedwards_packed targeting Wordpress, OpenCart, Magento 1, Magento 2, Joomla
JS_skimmer_google_ads (mimics Google Analytics script) targeting Wordpress, OpenCart, Magento 1, Magento 2
NEW MALWARE / IOCS / LEGIT FILES USED MALICIOUSLY IDENTIFIED THROUGH FORENSIC INVESTIGATIONS IN THE LAST MONTH
Zheng Webshell
foobarloader backdoor
favico uploader
tmpname5 uploader
migk loader
charLoader
SharPyShell Webshell
LummaStealer Dropper
JS_skimmer_checksum_obfuscated
New Malware Identified Through Forensic Investigations
DIGITAL SKIMMERS & LOADERS
Over the last 7 years, Digital Skimmers have been the most widely used malware for payment data theft. That trend has however, been slowly changing until early 2024 when Digital Loaders became more prevalent than Digital Skimmers.
This is a significant point in the fight against cyber crime in the eCommerce world as it shows that technologies like ThreatView have become so good at detecting Digital Skimmers that we are disrupting the criminal process. The next stage of their attack is to use Digital Loaders.
WHAT IS A DIGITAL LOADER?
A Digital Loader is usually a small script that tells a website visitor's browser to fetch a piece of code from another website. It effectively LOADS the code into the visitor's browser to do whatever it is designed to do. Most loaders in the eCommerce world are designed to covertly load Digital Skimmers into a visitor's browser, capturing any relevant payment data before it even reaches the website.
Digital loaders are a challenge to detect without appropriate technology and we're constantly seeing them evolve and develop as the cyber security world adapts.
DIGITAL SKIMMERS AND LOADERS
What you need to know to protect your business
WHAT ELSE TO CONSIDER
A Digital Loader or Digital Skimmer is the final step in the attack and it is the part that does the theft of your customer data. Leading up to that point, the criminals will need to have found a way to break in, a backdoor/webshell to enable them to break back in and re-establish their attack should their user access be detected and shut down, and they may have made other changes to the site.
Our recommendation is if you detect a Digital Skimmer or Loader, you should do a full threat sweep of your eCommerce infrastructure to make sure there isn't some other nasty hidden code within your site.
Naturally, this is what we can help you with. To help you get proactive. Stay ahead of the criminals, detect their movements and shut down any future attacks.
DIGITAL SKIMMERS AND LOADERS
What you need to know to protect your business
DIGITAL SKIMMERS - MAGECART AND OTHERS
A digital skimmer refers to malicious code inserted into the checkout pages of online stores. This code operates by capturing credit card details entered by customers during the checkout process and transmitting this sensitive information to a server controlled by the attacker.
Due to the stealthy nature of this attack and the utilisation of advanced concealment techniques, digital skimmers can remain undetected for extended periods, potentially accumulating vast amounts of credit card data over time. Well known names of malware in this category are Magecart, FakeGA, FirstKiss, R3nin.
Notably, digital skimmers have been implicated in several prominent security breaches involving well-known companies such as Ticketmaster, Tupperware, and British Airways. Additionally, they have been utilized in extensive automated attacks targeting eCommerce platforms like Magento, Wordpress, Magecart, OpenMage, Drupal, Joomla and others.
Whether overseeing security for a large corporation or managing a small online business, it is essential to comprehend the methods employed by digital skimmers to safeguard both your enterprise and its clientele.