Websites’ 404 pages exploited in new Magecart campaign

New Magecart attacks that alter default 404 error pages to hide malicious code have been deployed against numerous Magento and WooCommerce sites, including those of food and retail industry entities, The Hacker News reports. Threat actors compromise websites with loader code that retrieves the primary payload, which then collects sensitive data on checkout pages before exfiltrating it, according to an Akamai report. Conducting attacks in a multi-step approach better conceals malicious activity and enables complete intrusions only on websites that were intended to be targeted, said researcher Roman Lvovsky. Aside from exploiting 404 error pages, attackers have also hidden obfuscated skimmer code in the onerror attribute of a malformed HTML image tag, as well as in an inline script that spoofs the Meta Pixel code snippet. "The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion," added Lvovsky.
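For site owners, the two hiding places named above (the 404 page body and `onerror` handlers on image tags) can be audited with a baseline comparison plus a markup scan. The following is an added example, not code from the Akamai report or SC Media; the sample pages, `HandlerAudit` and `audit_error_page` are constructed for illustration and assume you hold a known-good copy of your error page.

```python
import hashlib
from html.parser import HTMLParser

# Constructed sample pages (not taken from the campaign).
CLEAN_404 = "<html><body><h1>404 Not Found</h1></body></html>"
TAMPERED_404 = CLEAN_404.replace(
    "</body>",
    '<img src="" onerror="placeholderHandler()">'
    "<script>/* placeholder inline code */</script></body>",
)
BASELINE_SHA256 = hashlib.sha256(CLEAN_404.encode()).hexdigest()


class HandlerAudit(HTMLParser):
    """Collect <img onerror=...> handlers and inline <script> bodies."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_inline_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("onerror"):
            self.findings.append(("img-onerror", attrs["onerror"]))
        if tag == "script" and "src" not in attrs:
            self._in_inline_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline_script = False

    def handle_data(self, data):
        if self._in_inline_script and data.strip():
            self.findings.append(("inline-script", data.strip()))


def audit_error_page(body, baseline_sha256):
    """Return reasons an error-page body deserves manual review."""
    reasons = []
    if hashlib.sha256(body.encode()).hexdigest() != baseline_sha256:
        reasons.append("body-differs-from-baseline")
    parser = HandlerAudit()
    parser.feed(body)
    parser.close()
    reasons += [kind for kind, _ in parser.findings]
    return reasons


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_404), ("tampered", TAMPERED_404)):
        print(name, audit_error_page(page, BASELINE_SHA256))
```

A legitimate error page may carry its own inline scripts, so treat the markup findings as review prompts and the baseline mismatch as the primary signal.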
