
Malware from Magecart’s arsenal accidentally exposed the list of hacked sites


A list of dozens of online stores hacked by a web skimming group was accidentally leaked through the installer of a remote access trojan (RAT).

Attackers install RATs on e-commerce sites to maintain persistence and regain access to compromised resources and servers. After gaining access to an online store, they deploy skimming scripts to steal personal and banking data (attacks known as Magecart).

According to experts from the information security company Sansec, the malware is a 64-bit ELF executable delivered by an installer written in PHP. To evade detection and analysis, the RAT masquerades as a DNS or SSH server daemon so that it does not stand out in the server's process list. For most of the day the malware sleeps, “waking up” only once, at 7 am, to connect to its C&C server and receive commands.
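A process that borrows a daemon's name still has to run from some binary, so one defensive check is to compare the name a process presents with the executable behind it. The sketch below is an added example, not code from Sansec or the original article; the daemon names, expected install paths and sample records are assumptions chosen for illustration.

```python
import os

# Assumption: daemon names worth checking and the paths their packages normally install to.
EXPECTED_EXE = {
    "sshd": {"/usr/sbin/sshd"},
    "dnsmasq": {"/usr/sbin/dnsmasq"},
    "named": {"/usr/sbin/named"},
}

def claimed_name(cmdline: str) -> str:
    """Name a process shows in ps output, e.g. 'sshd: [accepted]' -> 'sshd'."""
    tokens = cmdline.replace("\0", " ").split()
    return os.path.basename(tokens[0]).rstrip(":") if tokens else ""

def is_masquerading(cmdline: str, exe: str) -> bool:
    """True when the claimed daemon name is not backed by the expected binary."""
    expected = EXPECTED_EXE.get(claimed_name(cmdline))
    # A '(deleted)' suffix or any other path fails the match; a daemon upgraded
    # but not yet restarted also shows '(deleted)', so treat hits as leads to triage.
    return expected is not None and exe not in expected

def scan(processes):
    """processes: iterable of (pid, cmdline, exe). Returns the suspicious entries."""
    return [p for p in processes if is_masquerading(p[1], p[2])]

def read_proc(root="/proc"):
    """Yield (pid, cmdline, exe) for live processes; run as root to see all of them."""
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(root, entry, "cmdline"), "rb") as fh:
                cmdline = fh.read().decode(errors="replace")
            exe = os.readlink(os.path.join(root, entry, "exe"))
        except OSError:  # kernel thread, exited process, or no permission
            continue
        yield int(entry), cmdline, exe

# Constructed sample records, not taken from the Sansec report.
SAMPLE = [
    (812, "/usr/sbin/sshd\0-D\0", "/usr/sbin/sshd"),
    (4410, "sshd: [accepted]\0", "/dev/shm/.x (deleted)"),
    (4502, "dnsmasq\0", "/var/www/html/media/cache"),
    (977, "php-fpm: pool www\0", "/usr/sbin/php-fpm8.1"),
]

if __name__ == "__main__":
    source = read_proc() if os.path.isdir("/proc") else SAMPLE
    for pid, cmdline, exe in scan(source):
        print(pid, claimed_name(cmdline), exe)
```

Adjust `EXPECTED_EXE` to the paths your distribution actually uses before relying on the output.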

Despite the complexity of the malware, the cybercriminals still made one mistake – they included the list of hacked online stores in the downloader code. Researchers hacked the downloader and found a list of 41 compromised sites.

Since the loader code uses shared memory blocks, which are not typical for PHP but more typical of C, it can be assumed that its author has little experience with PHP. The developer's inexperience may explain the inclusion of the list of hacked sites in the loader code.

The researchers contacted the online store owners from the list and informed them of the problem.
