FBI: Hackers used malicious PHP code to grab credit card data

The Federal Bureau of Investigation (FBI) is warning that someone is scraping credit card data from the checkout pages of US businesses’ websites.

“As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server,” the FBI said in an alert.

It said the “unidentified cyber actors” also established backdoor access to the victim’s system by modifying two files within the checkout page. 

JavaScript-based Magecart card-skimming attacks have been the main threat to e-commerce sites in recent years, but PHP code remains a major source of card-skimming activity.

The attackers began targeting US businesses in September 2020 by inserting malicious PHP code into the customized online checkout pages. But earlier this year, the actors changed tactics, using a different PHP function.

The actors create a basic backdoor using a debugging function that allows the system to download two webshells onto the US firm’s web server,

Read More: https://www.zdnet.com/article/fbi-hackers-used-malicious-php-code-to-grab-credit-card-data/#ftag=RSSbaffb68