Hackers looking into injecting card stealing code on routers, rather than websites

Forums Security News (Security) Hackers looking into injecting card stealing code on routers, rather than websites

Tagged: 

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • #36492
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]


        Headings…
        Hackers looking into injecting card stealing code on routers, rather than w
        What are L7 routers
        Well-known hacking group behind the “router file tests”
        Unclear if the “test files” are now used in the real world

        Auto extracted Text……

        Security researchers at IBM have found evidence that hackers have been working on creating malicious scripts they can deploy on commercial-grade “Layer 7” routers to steal payment card details.
        These are attacks where hackers plant malicious code on an online store that records and steals payment card details.
        However, this new discovery is an escalation of Magecart attacks to a new level, where the malicious code is injected at the router level, rather than being added by hackers on outdated websites.
        In a report published today, researchers with the IBM X-Force Incident Response and Intelligence Services (IRIS) team said they found evidence that a well-known hacker group has been testing Magecart scripts to deploy on L7 routers.
        The idea is that hackers would compromise L7 routers and then use their powerful traffic manipulation features to inject these malicious scripts in users’ active browsers sessions.
        IBM IRIS researchers said the scripts they found were specifically designed to extract payment card data from online shops, and upload the stolen information to a remote web server.
        Researchers said they found these scripts after the hackers uploaded the files on VirusTotal, a web-based antivirus aggregator.
        Researchers said that domains and other indicators in the code linked the 17 files to a known hacker group known as Magecart #5.
        IBM IRIS researchers said the Magecart group #5 test scripts they found were uploaded on VirusTotal between April 11 and April 14.
        IBM IRIS noted that, historically, the Magecart #5 group has been active in stealing payment card data entered in the checkout forms of selected US and Chinese online stores.
        From a user perspective, there’s not that much that victims can do to prevent from a Magecart attack executed at the router level, except avoid shopping online from untrusted or public networks, such as those in hotels, airports, or malls


        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    Viewing 0 reply threads
    • You must be logged in to reply to this topic.