Cybercriminals are collecting payment card data from Magento stores, hiding the stolen data inside JPG images, which they are downloading from infected stores without raising any suspicions.
Sucuri says it came across a Magento store that had been compromised by attackers, who modified a core CMS file, Cc.php, tasked with handling credit card data. The attackers added extra code to this file, which recorded the payment card details users entered in the checkout form and saved it at the end of a local image.
According to Sucuri, the hackers use steganography to exfiltrate stolen data. Steganography is the technique of hiding text data inside an images source code.
Magento hackers used steganography before to steal payment card details from sites they infected and tricked admins into thinking they were running updated versions.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now