Hackers hide stolen payment card data inside website product images

The technique makes the compromises harder to detect and prolongs the theft

Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files.

A Dutch researcher reported last week that almost 6,000 online shops, most of them built with the Magento content management system, have malicious code that intercepts and steals payment card data during online transactions. The online storefront of the U.S. National Republican Senatorial Committee (NRSC) was among those websites until earlier this month.

His research also showed that in many cases these compromises go undetected for up to a year. This has to do with the poor understanding of the problem by webmasters who believe that if their sites use HTTPS or a third-party payment processor the customer data is safe. Another factor is hackers' efforts to hide their trails.

Researchers from web security firm Sucuri recently investigated an online shop compromise that wasn't detected by automated scans. On manual investigation, they noticed that one of the site's core files, called Cc.php, had recently been modified.

When analyzing the file, they found malicious code designed to steal payment card data and store it inside an image file. This technique of hiding data inside files with unsuspicious extensions, such as image files, is not new and is intended to avoid detection.

While these files masquerade as images, they are not typically functional, but this wasn't the case in the Magento hack investigated by Sucuri. The file in which the stolen payment card details were stored was actually a legitimate image depicting one of the products sold on the website.

The stolen data was appended at the end, after the image data, keeping the original image intact and viewable in a browser. This method is known as steganography and is even harder to detect than some other ways of hiding data.

"To obtain the stolen numbers, the attacker would not even have to maintain access to the site," Sucuri researcher Ben Martin said in a blog post. "The image was publicly accessible. All the attacker would need to do is download the image from the website just like any other and view its source code."

Sucuri found the same online card swiper infection on other websites, most of them from the U.S., but also from countries like Japan, Turkey, and Saudi Arabia. This means these attacks don't focus on a single country or region.

Companies who run their own online shops should monitor the integrity of their websites and investigate any suspicious modifications of existing files. Unlike other website hacks, these online skimming attacks don't generate any errors or messages that users can report back to the website owner. They simply work silently in the background.

Join the PC World newsletter!

Error: Please check your email address.

Tags hacking

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?