OpenCart & osCommerce store owners should be on the lookout

May 23, 2016 22:30 GMT

E-commerce store administrators should be very wary and constantly scan their site's source code for any recent modifications, as shown by two credit card stealing scripts recently discovered by the team at Sucuri.

The first of these was uncovered last month by Sucuri's Ahmad Azizan, who found a piece of code in osCommerce installations, in the ./catalog/checkout_confirmation.php file.

This piece of encoded PHP code was collecting the data users entered on their checkout pages and mailing it to the attacker. The credit card stealer collected everything users entered in the form, such as credit card numbers, the card bearer's name, the card's expiration date, and even the CCV number.

Today, Sucuri researchers have found a similar script, unrelated to the first, this time targeting OpenCart platforms.

Like the first, this one was also collecting credit card information, the same details as above, and was emailing all this data to the [email protected] email address.

Sucuri's Cesar Anjos says this credit card stealer script can be found on infected sites in the catalog/controller/payment/authorizenet_aim.php file.
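One way to run the kind of modification scan recommended above, as an added example that is not code from Sucuri or from either platform: it hashes every PHP file under a store root, compares the result with a saved baseline, and lists changes to the two files named in this article first. The script name, the baseline file and the assumption that the store root is the directory containing `catalog/` are all hypothetical.

```python
import hashlib, json, sys
from pathlib import Path

# Paths named in the article, matched as suffixes of the relative path.
WATCHED = (
    "catalog/checkout_confirmation.php",                # osCommerce
    "catalog/controller/payment/authorizenet_aim.php",  # OpenCart
)

def snapshot(root):
    """Map every PHP file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*.php") if p.is_file()
    }

def compare(baseline, current):
    """Return (status, path, watched) tuples, watched payment files first."""
    findings = []
    for path in set(baseline) | set(current):
        if path not in baseline:
            status = "added"
        elif path not in current:
            status = "removed"
        elif baseline[path] != current[path]:
            status = "modified"
        else:
            continue
        findings.append((status, path, path.endswith(WATCHED)))
    return sorted(findings, key=lambda f: (not f[2], f[1]))

if __name__ == "__main__":
    # Usage (hypothetical script name): check_store.py <store_root> <baseline.json>
    root, baseline_file = sys.argv[1], Path(sys.argv[2])
    if not baseline_file.exists():
        # First run: record the baseline from a known-clean install.
        baseline_file.write_text(json.dumps(snapshot(root), indent=1))
        sys.exit(0)
    findings = compare(json.loads(baseline_file.read_text()), snapshot(root))
    for status, path, watched in findings:
        print(f"{'[PAYMENT] ' if watched else ''}{status}: {path}")
    sys.exit(1 if findings else 0)
```

Take the baseline from a known-clean copy of the store and keep it off the web server, so that whoever can modify the PHP files cannot also rewrite the hashes.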

Previously, this type of infection was usually found in Magento stores. Crooks like to target Magento stores more than any other platform mainly because of their dominant position in the e-commerce store building market.

"As you can see, ecommerce sites (and customers) have a lot more to lose when they get compromised as they process and deal with critical information from their users," Anjos explained. "Whenever possible, we recommend using 3rd party providers, like Stripe or Paypal to reduce your PCI scope and do not allow credit card data to pass through your site."