Major web skimming campaign targets payment networks

Cybersecurity researchers have discovered a significant web skimming campaign, active since January 2022, that targets prominent payment networks such as American Express and Mastercard, among others. The activity falls into the category of attacks known as Magecart, which originally focused on sites running the Magento platform but has since broadened its reach to e-commerce portals built on other stacks.

Sophisticated Threat

The attack compromises legitimate e-commerce sites and injects malicious JavaScript that steals credit card details and other personal data during checkout. Researchers from Silent Push identified the campaign while analysing a suspicious domain tied to a hosting provider known for illicit activity, one that has tried to evade sanctions by changing its name.

The domain in question hosts heavily obfuscated JavaScript payloads built for credit card skimming. The skimmer evades detection by site administrators: it inspects the Document Object Model for elements that indicate an administrator is logged in and, if it finds them, removes its own code from the page so that no trace remains. In practice this means an administrator who browses the storefront from a logged-in session will never see the injected script; verifying a page has to be done from an anonymous session, or by comparing the HTML actually served to customers against the deployed source.

The skimmer also manipulates payment forms. If it detects that Stripe was selected as the payment method, it injects a fake card form that tricks the victim into entering their card number, expiry date and CVC verification code. (A genuine Stripe integration collects card data inside Stripe-hosted fields, so the merchant page never sees it; the fake form exists precisely to intercept what the legitimate flow would keep out of reach.) At the end of the process the stolen data is sent to an attacker-controlled server, putting customers' personal information at risk.
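The three traits described above (an admin-presence probe paired with self-removal, heavily escaped inline JavaScript, and a card form that posts somewhere other than the merchant) are all visible in the HTML served to an anonymous visitor. The following scanner, written as an added example and not Silent Push's tooling or the campaign's code, checks a checkout page for them. The sample HTML, the selector list and the merchant allowlist are constructed for the demo; the `#wpadminbar` selector is assumed as a typical WordPress admin marker, since the page does not reveal which elements the real skimmer looks for.

```python
"""Heuristic scan of a checkout page for web-skimmer traits.

Added example. Flags:
  1. inline scripts that probe for an admin UI and also remove themselves,
  2. inline scripts built mostly from \\x.. / \\u.... escapes (obfuscation),
  3. forms that collect card data but post to a host outside the allowlist.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed admin-presence markers (WordPress admin bar / dashboard); constructed list.
ADMIN_PROBES = ("#wpadminbar", "wp-admin", "#adminmenu", "admin-bar")
SELF_REMOVAL = ("removeChild", ".remove()", "currentScript")
CARD_FIELDS = re.compile(r"(card|cc[-_]?num|cvc|cvv|exp(ir|iry|_month|_year))", re.I)
ESCAPE_RUN = re.compile(r"(\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4})")


class CheckoutParser(HTMLParser):
    """Collects inline <script> bodies and <form> actions with their input names."""

    def __init__(self):
        super().__init__()
        self.scripts = []      # body text of each inline script, in document order
        self.forms = []        # {"action": str, "inputs": [names]}
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and "src" not in a:
            self._in_script, self._buf = True, []
        elif tag == "form":
            self.forms.append({"action": a.get("action", ""), "inputs": []})
        elif tag == "input" and self.forms:
            # attribute the input to the most recently opened form
            self.forms[-1]["inputs"].append(a.get("name") or a.get("id") or "")

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append("".join(self._buf))
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)


def escape_ratio(js):
    """Fraction of non-whitespace characters that belong to \\x / \\u escapes."""
    stripped = re.sub(r"\s+", "", js)
    if not stripped:
        return 0.0
    escaped = sum(len(m.group(0)) for m in ESCAPE_RUN.finditer(stripped))
    return escaped / len(stripped)


def scan_checkout(html, allowed_hosts, escape_threshold=0.3):
    """Return a list of (finding, detail) tuples for the given page HTML."""
    parser = CheckoutParser()
    parser.feed(html)
    findings = []
    for idx, js in enumerate(parser.scripts):
        if any(p in js for p in ADMIN_PROBES) and any(s in js for s in SELF_REMOVAL):
            findings.append(("admin-evasion", idx))
        if escape_ratio(js) > escape_threshold:
            findings.append(("obfuscated", idx))
    for form in parser.forms:
        if any(CARD_FIELDS.search(name) for name in form["inputs"]):
            host = urlparse(form["action"]).hostname   # None for relative actions
            if host and host not in allowed_hosts:
                findings.append(("card-form-exfil", host))
    return findings


# Constructed sample page: one admin-evasion script, one escape-heavy script,
# a card form posting to a foreign host, and a benign login form.
SAMPLE_HTML = """
<html><body>
<script>
if (document.querySelector('#wpadminbar')) { document.currentScript.remove(); }
</script>
<script>var _0x=['\\x70\\x61\\x79','\\x63\\x76\\x63','\\x65\\x78\\x70'];</script>
<form action="https://checkout.example-collect.test/submit">
  <input name="card_number"><input name="cvc"><input name="exp_month">
</form>
<form action="/account/login"><input name="username"><input name="password"></form>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_checkout(SAMPLE_HTML, {"shop.example.test"}):
        print(finding)
```

The escape-ratio threshold is a blunt instrument: minified vendor bundles can legitimately contain escapes, so treat an "obfuscated" hit as a prompt to diff the script against the deployed source rather than as a verdict. The form check is the one to trust most; a card form whose action leaves the merchant's domain has no legitimate explanation in a Stripe-based checkout.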

The operation shows how well the attackers understand WordPress internals, to the point of weaving lesser-known functions into their attack chain, which is a serious concern for any company running an online store on the platform.

New macOS malware discovered that targets user credentials

Recent investigations have revealed a new macOS malware strain tracked as FlexibleFerret. The threat uses multi-stage scripts and a backdoor written in Go to infiltrate users' systems, with the specific aim of stealing credentials and keeping access to the compromised devices.

Threatening the most secure system

The malware uses a layered approach to evade detection: the initial scripts prepare the system for the installation of the backdoor, which then maintains persistent access to the compromised machine and enables the theft of sensitive data such as usernames and passwords.
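The page does not say which persistence mechanism FlexibleFerret uses, so the following audit, an added example and not the researchers' tooling, assumes the most common user-level one on macOS: a LaunchAgent property list that relaunches the payload at login. It flags agents that start an interpreter rather than an application binary, that reference staging directories, or that combine RunAtLoad with KeepAlive. The two sample plists are constructed for the demo and written to a temporary directory, so the scan runs on any platform; on a real Mac the function would be pointed at `~/Library/LaunchAgents`.

```python
"""Audit LaunchAgent plists for traits typical of script-staged persistence.

Added example; the property-list layout follows Apple's launchd format, but the
sample agents, the path lists and the scoring rules are constructed here.
"""
import os
import plistlib
import tempfile

# Paths from which a user-level agent is normally expected to run (assumed list).
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/libexec/", "/Applications/", "/Library/Apple/")
# Directories commonly used by multi-stage droppers to stage a payload (assumed list).
STAGING_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "curl", "python3", "perl"}


def assess(plist):
    """Return the list of reasons a parsed LaunchAgent looks suspicious ([] if clean)."""
    args = plist.get("ProgramArguments") or ([plist["Program"]] if "Program" in plist else [])
    if not args:
        return ["no program specified"]
    exe = args[0]
    reasons = []
    if os.path.basename(exe) in INTERPRETERS:
        reasons.append("interpreter launcher")          # e.g. /bin/sh -c '<stage script>'
    if any(a.startswith(STAGING_PREFIXES) for a in args):
        reasons.append("staging path")
    elif not exe.startswith(TRUSTED_PREFIXES):
        reasons.append("untrusted binary path")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad+KeepAlive")           # relaunch at login and on exit
    return reasons


def audit_launch_agents(dir_path):
    """Map plist filename -> reasons, for every suspicious .plist in dir_path."""
    findings = {}
    for name in sorted(os.listdir(dir_path)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(dir_path, name)
        try:
            with open(path, "rb") as fh:
                plist = plistlib.load(fh)
        except Exception as exc:                        # malformed plist is itself notable
            findings[name] = [f"unparseable: {exc.__class__.__name__}"]
            continue
        reasons = assess(plist)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample agents: one ordinary application updater, one shell-launched
# payload staged under /Users/Shared that relaunches itself.
SAMPLE_AGENTS = {
    "com.example.updater.plist": {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True,
    },
    "com.sample.helper.plist": {
        "Label": "com.sample.helper",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/Shared/.cache/agent"],
        "RunAtLoad": True,
        "KeepAlive": True,
    },
}


def demo():
    """Write the constructed agents to a temp dir, audit them, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_AGENTS.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                plistlib.dump(body, fh)
        return audit_launch_agents(tmp)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", ", ".join(reasons))
```

A clean result from this audit is not proof of a clean machine: LaunchDaemons, login items, cron and configuration profiles are other persistence points, and a backdoor that is already running needs no plist to keep its current connection alive. It does catch the common case of a dropper script parking a payload in a world-writable directory and registering it for relaunch.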

FlexibleFerret is aimed squarely at macOS users, which adds to the growing concern about the security of the platform. Apple devices have traditionally been considered more resistant to malware than their Windows counterparts, but this threat challenges that perception. With the rise of remote work and greater reliance on digital platforms, the risk of an attack like FlexibleFerret is more relevant than ever.

Cybersecurity experts warn that this kind of malware underscores the importance of robust security practices, including two-factor authentication and active monitoring of activity on sensitive accounts. Users are also advised to keep their systems up to date and to use reputable antivirus software to protect against future threats.

It remains to be seen how far these attack techniques will spread and whether macOS users will be able to withstand the growing tide of malware designed to compromise their systems and steal personal information. In the meantime, the cybersecurity community remains on alert and is working to counter this and other emerging threats.