Magento Credit Card Stealer Hack

The Magento Credit Card Stealer Hack is a very common hack.

This stealer hack usually targets Magento because Magento is an ecommerce platform where payments are being made, which allows hackers to steal credit card information or redirect payments to themselves.

Overview of how the hack is implemented.

  1. A vulnerability is exploited and a stealer hack is put in place.
  2. When an order is made, the customer details and payment information are usually emailed directly to an email address or stored in a file the hacker can simply access remotely to see all the data.
  3. The injected hack is usually pretty simple and can be done with just a few lines of code.
  4. The hack can sometimes be hard to detect since it’s usually “hidden in plain sight” in unencoded, non-obfuscated code.

The hack generally will be injected into just one file.

We’ve seen cases in the past where the data is written to a .jpg or .png image file, to try to hide the credit card details better.

The most common Magento files infected are:

  • /app/code/core/Mage/Payment/Model/Method/Cc.php
  • /app/code/core/Mage/Payment/Model/Method/Abstract.php
  • /app/code/core/Mage/Customer/controllers/AccountController.php
  • /app/code/core/Mage/Customer/controllers/AddressController.php
  • /app/code/core/Mage/Admin/Model/Session.php
  • /app/code/core/Mage/Admin/Model/Config.php
  • /app/code/core/Mage/Checkout/Model/Type/Onepage.php
  • /app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php
  • /includes/config.php
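
A defensive check for the two behaviours described above (a single modified core file, and stolen data written to a file with a .jpg or .png extension), as an added example that is not from the original post. It assumes you have an unmodified copy of the same Magento version to compare against; the function names are illustrative.

```python
import filecmp
import sys
from pathlib import Path

# Paths from the list above, relative to the Magento root.
WATCHED = [
    "app/code/core/Mage/Payment/Model/Method/Cc.php",
    "app/code/core/Mage/Payment/Model/Method/Abstract.php",
    "app/code/core/Mage/Customer/controllers/AccountController.php",
    "app/code/core/Mage/Customer/controllers/AddressController.php",
    "app/code/core/Mage/Admin/Model/Session.php",
    "app/code/core/Mage/Admin/Model/Config.php",
    "app/code/core/Mage/Checkout/Model/Type/Onepage.php",
    "app/code/core/Mage/Adminhtml/controllers/Cms/WysiwygController.php",
    "includes/config.php",
]
# Leading bytes of genuine JPEG and PNG files.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"}

def modified_core_files(live_root, clean_root):
    """Return watched files whose content differs from the clean reference copy."""
    findings = []
    for rel in WATCHED:
        live, clean = Path(live_root) / rel, Path(clean_root) / rel
        if not live.is_file():
            continue  # absent in this install, nothing to compare
        if not clean.is_file():
            findings.append((rel, "not in clean copy"))
        elif not filecmp.cmp(live, clean, shallow=False):  # byte-for-byte compare
            findings.append((rel, "differs from clean copy"))
    return findings

def fake_images(live_root):
    """Return .jpg/.png files that do not start with the expected image header."""
    findings = []
    for path in sorted(Path(live_root).rglob("*")):
        magic = MAGIC.get(path.suffix.lower())
        if magic and path.is_file():
            with path.open("rb") as fh:
                if fh.read(len(magic)) != magic:
                    findings.append(path.relative_to(live_root).as_posix())
    return findings

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <live Magento root> <clean reference root>
    for rel, why in modified_core_files(sys.argv[1], sys.argv[2]):
        print(f"MODIFIED  {rel}: {why}")
    for rel in fake_images(sys.argv[1]):
        print(f"NOT-IMAGE {rel}")
```

A file that starts with a valid image header but has other data appended after it still passes the header check, so unexpected or growing image files deserve a manual look as well.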

If you accept PayPal on your Magento site, the hack may simply send the PayPal payment to the hacker’s PayPal account instead of yours.

How to protect against the Magento Credit Card Stealer Hack?

Magento has a new Security scanner to show you if your installation is vulnerable to the Credit Card Stealer Hack.

Scan your Magento Site For Security Vulnerabilities

