
Fake GIF Leveraged in Multi-Stage Reverse-Proxy Card Skimming Attack

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A sophisticated multi-stage carding attack on a Magento eCommerce website has been uncovered. The malware used a fake GIF image file, local browser sessionStorage data, and a malicious reverse-proxy server to steal credit card data, login details, cookies, and other sensitive information. The attack targeted an outdated Magento 1.9.2.4 installation, exploiting its lack of support and its security vulnerabilities. The malware injected JavaScript code disguised as Bing tracking code and used a tampered payment file to tailor the attack to each user. This technique allowed the attackers to intercept and manipulate all website traffic while remaining undetected by victims and administrators.

OPENCTI LABELS:

magento, multi-stage attack, javascript injection, ecommerce, reverse-proxy, sessionstorage, card skimming
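
A defender-side check for the fake GIF described in the summary, as an added example that is not from the original report: it walks a web root and flags files whose image extension does not match their file header, or that carry code-like strings. The marker list, function names and sample files are assumptions constructed for illustration, and the check is generalized to PNG and JPEG as well as GIF.

```python
import os
import tempfile

# File headers per extension; GIF is the case the summary describes.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
# Assumption: byte strings that suggest script content inside an "image".
CODE_MARKERS = (b"<?php", b"<script", b"eval(", b"sessionStorage")

def inspect_image(path):
    """Return a list of findings for one file; an empty list means nothing flagged."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []
    with open(path, "rb") as fh:
        data = fh.read(1024 * 1024)  # only the first 1 MiB is inspected
    findings = []
    if not data.startswith(MAGIC[ext]):
        findings.append("header does not match extension")
    lowered = data.lower()
    findings += [f"contains {m.decode()}" for m in CODE_MARKERS if m.lower() in lowered]
    return findings

def scan_tree(root):
    """Walk root and map each flagged image path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            findings = inspect_image(path)
            if findings:
                report[path] = findings
    return report

def demo():
    """Build a constructed sample web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "logo.gif"), "wb") as fh:
            fh.write(b"GIF89a\x01\x00\x01\x00\x00\x00\x00;")  # constructed, valid header
        with open(os.path.join(root, "pixel.gif"), "wb") as fh:
            fh.write(b"<?php /* constructed placeholder, not real malware */ ?>")
        return {os.path.basename(p): f for p, f in scan_tree(root).items()}

if __name__ == "__main__":
    print(demo())
```

A file that starts with a valid GIF header but still contains one of the markers is also reported, so a polyglot image does not pass on its header alone.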

