Threat Management, Malware, Breach

Hackers are scraping credit card data from online checkout pages

The seal of the Federal Bureau of Investigation hangs on the outside of the bureau’s Edgar J. Hoover Building May 9, 2017, in Washington. (Photo by Chip Somodevilla/Getty Images)
The seal of the Federal Bureau of Investigation hangs on the outside of the bureau's Edgar J. Hoover Building May 9, 2017, in Washington. (Photo by Chip Somodevilla/Getty Images)

The FBI issued an alert May 16 warning security teams that cyber actors were able to scrape credit card data from a U.S. business in January by injecting malicious PHP code into its online checkout page. 

The data was then sent to a server that spoofed a legitimate card processing service. Furthermore, the unidentified actors established a backdoor to the business’ system by modifying two files within the checkout page. 

The FBI shared indicators of compromise (IOCs) in the alert to assist in network defense, as well as recommendations for mitigations.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Related

Novel Kapeka backdoor leveraged in Sandworm attacks

Ukraine, Estonia, and other countries in Eastern Europe have been targeted by Russian state-backed advanced persistent threat operation Sandworm, also known as APT44 and Seashell Blizard, in attacks distributing the new Kapeka malware, also known as KnuckleTouch, since mid-2022, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.