Pakistan Tech News

Weekly Must-ReadsView All
Popular Topics
Trending NowView All

This sneaky credit card thief hides inside payment processors to avoid security checks

2 minute read
This sneaky credit card thief hides inside payment processors to avoid security checks
Total
0
Shares
0
0
0

A sneaky new credit card thief has been discovered hiding in hard-to-scan places, thus managing to steal payment information without triggering any alarms.

A report from cybersecurity experts Sucuri notes how it stumbled upon the malware when called in to investigate an “unusual infection” at one of its customers’ payment points.

As it turns out, the malware was hiding in the site’s WooCommerce payment gateway module called Authorize.net, which handles payment details at checkout. Since this module runs after the user submits data at checkout, cyber security solutions have a much more difficult time detecting potentially malicious code hiding within.

No weak points

Typically, attackers inject malicious code into the HTML of a customer’s payment page store. The code will then grab the data entered during checkout – giving hackers access to sensitive data such as full credit card numbers, CVV numbers, expiration dates, phone numbers, email addresses, and other important information.

But today’s cyber security solutions can scan HTML code for malware and thus keep e-commerce websites safe.

That’s why this creative malware developer has turned to the Authorize.net payment processing system. Apparently, it is currently being used by more than 400,000 merchants all over the world.

Sucuri stressed that the WooCommerce e-commerce plugin for WordPress, or the Authorize.net payment gateway, has no flaws and does not carry any security holes.

Read more

> Thousands of WordPress websites have been infected with a mysterious malware

> New malware has been found on Linux targeting WordPress websites

> Below is a list of the best mobile credit card processors

“In general, they are both robust, secure and completely safe payment platforms to use. Instead, this article highlights the importance of maintaining good security and keeping environments closed to prevent tampering from threat actors.”

They concluded that “just like any other software, if malicious actors compromise an environment, they can tamper with existing controls”.

To stay safe, companies are advised to take advantage of file integrity monitoring, keep a close eye on modified files, and urge them to “take every possible avenue to keep attackers at bay.”

  • Check out the best protection against identity theft now

Via: BleepingComputer

Total
0
Shares
Share 0
Tweet 0
Pin it 0
Leave a Reply

Your email address will not be published. Required fields are marked *

Prev
You weren’t alone, ChatGPT fixed an “important” bug
You weren't alone, ChatGPT fixed an "important" bug

You weren’t alone, ChatGPT fixed an “important” bug

If you opened up what is arguably the world’s favorite AI chatbot today,

Next
5,000 Google Scholarships, 6-month free of cost Coursera training announced, PITB, Tech Valley (Google for Education partner in Pakistan) sign MoU
5,000 Google Scholarships, 6-month free of cost Coursera training announced, PITB, Tech Valley (Google for Education partner in Pakistan) sign MoU

5,000 Google Scholarships, 6-month free of cost Coursera training announced, PITB, Tech Valley (Google for Education partner in Pakistan) sign MoU

LAHORE – March 22, 2023 Punjab Information Technology Board (PITB) has signed a

You May Also Like