Carding
Professional
- Messages
- 2,871
- Reaction score
- 2,467
- Points
- 113
Recently, thousands of online stores using the Magento platform fell victim to a cyberattack - cybercriminals injected malicious code that steals customer bank card details. Against the background of this campaign, the Russian cybercriminal decided to sell video instructions for hacking Magento installations.
It all started with the fact that the company Sansec, specializing in the study of skimming attacks, identified 1904 online stores that hosted malicious JavaScript code that extracts and transfers bank card data to attackers.
“This malicious campaign is the largest in the history of such activity, since 2015, when we started monitoring such attacks. The last record was recorded in July last year - 962 hacked online stores, ”the company's specialists wrote.
According to the latest data, cybercriminals have stolen personal data belonging to "tens of thousands of online shopping fans." The cybercriminals' operation became such a success thanks to the 0-day exploit, which is being sold by a Russian-speaking hacker under the pseudonym “z3r0day”.
For just $ 5,000, z3r0day will show you how to exploit a vulnerability in web software and inject a skimming code into the files of an online store, while authentication can be bypassed. The Russian-speaking hacker promised not to sell the exploit to more than ten people interested.
Sansec shared information about the use of the exploit in attacks and even tracked down where the payment data was sent - to a website located in Moscow. Unfortunately, the vulnerability is not easy to patch, so visitors to online stores are at risk.
It all started with the fact that the company Sansec, specializing in the study of skimming attacks, identified 1904 online stores that hosted malicious JavaScript code that extracts and transfers bank card data to attackers.
“This malicious campaign is the largest in the history of such activity, since 2015, when we started monitoring such attacks. The last record was recorded in July last year - 962 hacked online stores, ”the company's specialists wrote.
According to the latest data, cybercriminals have stolen personal data belonging to "tens of thousands of online shopping fans." The cybercriminals' operation became such a success thanks to the 0-day exploit, which is being sold by a Russian-speaking hacker under the pseudonym “z3r0day”.
For just $ 5,000, z3r0day will show you how to exploit a vulnerability in web software and inject a skimming code into the files of an online store, while authentication can be bypassed. The Russian-speaking hacker promised not to sell the exploit to more than ten people interested.
Sansec shared information about the use of the exploit in attacks and even tracked down where the payment data was sent - to a website located in Moscow. Unfortunately, the vulnerability is not easy to patch, so visitors to online stores are at risk.