Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
No Cookies for CartThief, a New Magecart Variant
#1
Quote:A new variant of the Magecart attacks has been targeting smaller e-commerce operations, according to The Media Trust’s digital security and operations (DSO) team.
Researchers found a new type of malware that targets payment pages on legitimate Magento-hosted retail sites. Dubbed CartThief, the malware’s behavior is similar to that of the current iteration of the Magecart malware.

As soon as credit card information is entered into a checkout page and a payment is submitted, the malware collects, encrypts and sends personally identifiable (PII) and financial information to the malicious actors’ command-and-control server.
What sets this malware apart is the method used to encode or obfuscate the malicious domain and the PII data collection activity. To avoid arousing suspicion and sneak past many blocking technologies, there are no user-identifying cookies or source codes to set off alarms for users. The absence of cookies is one feature that differentiates CartThief from other Magecart variants.

Source: https://www.infosecurity-magazine.com/ne...ief-a-new/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
The slowest Meteor Lake spotted: Intel C...
Intel Core Ultra 5...harlan4096 — 12:47
Microsoft Edge fixes 0-day vulnerability...
Microsoft released...harlan4096 — 10:12
AnyDesk 8.0.9
AnyDesk 8.0.9:   ...harlan4096 — 10:10
AMD Confirms RDNA 3+ GPU Architecture F...
AMD Zen5-based Strix...harlan4096 — 10:08
Adobe Acrobat Reader DC 24.001.20629 (Op...
Adobe Acrobat Read...harlan4096 — 10:06

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>