Cybercriminals hijack Magento Realex Payments extension to steal payment card data. Experts at Sucuri are observing massive attacks.
Cybercriminals continue to target Magento platform to steal credit card data. Crooks have been abusing a payment module to steal payment card data from online shops running on Magento e-commerce platform.
According to experts at security firm Sucuri, the hackers are targeting module is the Realex Payments Magento extension (SF9), that integrates with the Realex Realauth Remote payment gateway.
The extension allows the administrators of Magento installs to process mail and telephone orders by entering the payment details.
The experts highlighted that the Realex Payments extension is not affected by any vulnerability, the attackers are abusing it once compromised the Magento installation.
The researchers at Sucuri noticed that crooks added a malicious function called sendCcNumber() to an SF9 file named Remote.php.
This function gathers personal and financial data entered by users and sends it back to an email address controlled by the attacker.
“In this particular case, we found a malicious function specifically targeting the Magento payment module SF9 Realex. SF9 integrates with the Realex RealAuth Remote and Redirect systems, very popular solutions in the Magento community.” reads the analysis published by Sucuri.
“The malicious function had been injected after the website was compromised through a different vulnerability, therefore the component itself (SF9 Realex) wasn’t the source of the problem.”
The researchers also noted that the crooks leverage binlist[.]net to get the Issuer Identification Numbers (IIN) (The first 6 digits of a credit card number).
The experts at Sucuri have observed “massive attacks” where hackers used the injection of malicious scripts into Magento websites in an attempt to steal payment card data.
The researchers warn of a spike in the attack against the e-commerce platforms, for this reason, it is essential to keep websites up to date and apply all security updates.
“Magento credit card stealers are indeed on the rise. While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce,” concluded the analysis at Sucuri. “As the industry grows, so will the specific attacks targeting it. That’s why it is so important to keep your Magento website up to date and apply all the latest security patches!”
Recently, security expert Willem de Groot discovered a new SQL malware targeting online shops running on Magento that was able to hide its malicious code in the website’s database.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.