Hackers are faking 404 error pages of online retailer’s websites to hide malicious codes and steal customer’s credit card information. These attacks are part of a variant observed by researchers of Akamai Security Intelligence Group. Other attacks methods include concealing code in the HTML image tag’s “onerror” and an image binary to make it appear as the Meta Pixel code snippet, Bleeping Computer reported.
While the campaign is mainly targeted at Magento and WooCommerce sites, hackers are also targeting renowned organizations in the food and retail sectors, the report said.
Analysis by security researchers found that the hackers behind the campaign have altered the default error page for websites to hide malicious code. The code displays a fake form that the website visitors are expected to fill out with sensitive details including their credit card number, expiration data, and security code.
Once victims share the data on the bogus form, they get a fake “session timeout” error. Meanwhile, the information shared by them is sent to the hacker via an image request URL carrying the string as a query parameter. This helps the attackers evade detection by network monitoring tools, as the request looks like a benign image fetch event.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
While hackers have targeted online stores in the past to steal sensitive user information, the idea of manipulating error pages and the concealment technique is “highly innovative” and something that hasn’t been seen in the past, read Akamai’s report.
The report further along with the methods used in the campaign reinforces the fact that web skimming techniques are constantly evolving, and are becoming more sophisticated, which makes detection and mitigation more complicated.
COMMents
SHARE