Sign In

Communications of the ACM

ACM News

Hackers Rigged Hundreds of Ecommerce Sites to Steal Payment Info

View as: Print Mobile App Share:

The hackers modified existing files or planted new files that provided no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed, and the vulnerable software was updat

Credit: Igor Golovniov/Getty Images

About 500 ecommerce websites were recently found to be compromised by hackers who installed a credit card skimmer that surreptitiously stole sensitive data when visitors attempted to make a purchase.

A report published on Tuesday is only the latest one involving Magecart, an umbrella term given to competing crime groups that infect ecommerce sites with skimmers. Over the past few years, thousands of sites have been hit by exploits that cause them to run malicious code. When visitors enter payment card details during purchase, the code sends that information to attacker-controlled servers.

Sansec, the security firm that discovered the latest batch of infections, said the compromised sites were all loading malicious scripts hosted at the domain

From Wired
View Full Article



No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account