Shop owners should keep their sites updated and up to par with the latest Magento security recommendations

Jun 5, 2016 23:05 GMT

Security researchers from Sucuri say they discovered a credit card stealer that targets Magento stores where the owners are using the Braintree extension to handle credit card payments.

Braintree, a service that allows anyone to accept credit card payments, provides an extension named Braintree Payments for Magento store owners in order to help them handle credit card transactions via their Braintree account.

Sucuri says that crooks who manage to hack into Magento sites, using one method or another, are infecting them with malware designed to steal the credit card details that users enter in the Braintree payment forms.

The researchers say that whenever a user reaches the payment page, the credit card stealer checks the form every second to see if the user has entered anything in the fields.

Once credit card details are entered, the malware collects this data and readies it for exfiltration.

"It’s interesting how hackers transfer the stolen sensitive data to their site," John Castro of Sucuri notes. "They dynamically build an image tag that links to the attacker-controlled 'scriptb[.]com' site, passing all the stolen data in the image URL parameters (not even encrypting them)."

To avoid infection, it is important that Magento store owners follow the company's Security Best Practices, a set of recommendations to harden their shop's defenses.

A sample Braintree checkout form on a Magento site