PHP Code utilised by threat actors to steal credit card data

May 20, 2022

The FBI has published an advisory regarding unknown threat actors scraping credit card data from the checkout web pages of businesses’ websites. The agency said that these actors have unlawfully swiped credit card data from US businesses by deploying malicious PHP (Hypertext Preprocessor) code into the businesses’ online checkout webpages.

Furthermore, the threat actors have established backdoor access to the targeted systems by altering two files inside the checkout pages.


The threat actors conducting these ongoing attacks against US businesses remain unidentified, in part because the PHP code in question is used by numerous attackers and cannot be tied to a single group.


Although Magecart card-skimming attacks have been the greatest threat to e-commerce sites, researchers are still hesitant to attribute the current attacks to that group, since the PHP code involved is the source of a variety of skimming campaigns.

Threat actors have targeted US businesses since September a couple of years ago by inserting malicious code into their customised online checkout pages. This year, however, the threat actors changed their approach by utilising a peculiar PHP feature.

A basic backdoor was created by utilising a debugging function, which the attackers used to download two web shells onto the US company’s web server. These web shells give the attackers a persistent foothold from which to exploit the system further.

The FBI’s recommendations for mitigating the effects of these attacks include changing the default login credentials on all systems. The agency also advises monitoring requests made against the e-commerce environment to identify potentially malicious activity.

Segregation and segmentation of network systems are also recommended, since they limit how far threat actors can move across the network once they have gained a foothold.
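As an added example (not from the advisory or from this article), the following Python script illustrates the two checks the FBI guidance points at: comparing the PHP files in the checkout directory against a known-good baseline, so that altered files and dropped web shells show up as modifications or additions, and flagging web-server requests for PHP scripts that were never deployed. The baseline digests, file names and log lines are constructed sample data.

```python
import hashlib
import re
from pathlib import Path

# Combined-log prefix: client - user [time] "METHOD path ..." status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>[^ ?"]+)[^"]*" (?P<status>\d{3})'
)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def hash_tree(root: Path):
    """Map every .php file under root (relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256(p.read_bytes())
            for p in sorted(root.rglob("*.php")) if p.is_file()}

def compare(baseline, current):
    """Report PHP files added, modified or removed versus the clean baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def suspicious_requests(log_lines, known_paths):
    """Flag requests for .php scripts that are not in the deployed file set."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").lstrip("/")
        if path.endswith(".php") and path not in known_paths:
            hits.append((m.group("ip"), m.group("method"), path, m.group("status")))
    return hits

# Constructed sample data (not from the advisory): a clean baseline of the
# checkout directory, and access-log lines of which two hit PHP files that
# were never deployed. On a live host: compare(BASELINE, hash_tree(Path(...)))
BASELINE = {"checkout/index.php": sha256(b"<?php // index"),
            "checkout/process.php": sha256(b"<?php // process")}
SAMPLE_LOG = [
    '203.0.113.5 - - [20/May/2022:10:01:02 +0000] "GET /checkout/index.php HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/May/2022:10:01:09 +0000] "POST /checkout/process.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [20/May/2022:10:02:44 +0000] "POST /checkout/images/cache.php HTTP/1.1" 200 88',
    '198.51.100.7 - - [20/May/2022:10:02:51 +0000] "GET /vendor/debug.php HTTP/1.1" 200 212',
]
ALERTS = suspicious_requests(SAMPLE_LOG, set(BASELINE))  # two unexpected .php requests
```

The baseline should be recorded from a clean deployment and kept outside the web root, so that an attacker who can write to the checkout directory cannot also rewrite the reference digests.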

Another research team observed that 41% of the new credit card skimming malware samples seen last year were PHP-based skimmers. These findings imply that scanning only for JavaScript infections is not sufficient to reduce the risk of being struck by credit card skimming attacks.
