Cybersecurity researchers have discovered a credit card skimmer hiding in a fake metapixel tracker script in an attempt to evade detection.
Sucuri said the malware was injected into the site through tools that allow custom coding, such as WordPress plug-ins such as simple custom CSS and JS, or the “Miscellaneous Scripts” section of the Magento admin panel.
Security researcher Matt Morrow said: “Custom script editors are popular with bad actors because they allow external third-party (and malicious) JavaScript and can be used by exploiting names that match popular scripts like Google Analytics or libraries like JQuery. The convention effortlessly pretends to be benign.”
The fake metapixel tracker script identified by the cybersecurity firm contained similar elements to its legitimate counterpart, but closer inspection revealed the addition of JavaScript code that replaced a reference to the domain “connect.facebook”[.]net” and “b-connection”[.]com. “
While the former is the real domain linked to the pixel tracking feature, the replacement domain is used to load an additional malicious script (“fbevents.js”) that monitors whether the victim is on the checkout page and, if so, provides fraud service coverage to get their credit card details.
It is worth noting that “b-connection[.]com” was a legitimate e-commerce website that at some point was compromised to host browser code. What’s more, the information entered into the fake form was infiltrated into another compromised website (“www.donjuguetes”)[.]es”).
To mitigate such risks, it is recommended to keep your website up to date, regularly check administrator accounts to determine if they are all valid, and update passwords frequently.
This is especially important as threat actors have been known to exploit weak passwords and flaws in WordPress plugins to gain increased access to target sites and add malicious admin users, who are then used to perform a variety of other Activities, including adding additional plugins and backdoors.
“Because credit card skimmers often wait for keywords like ‘checkout’ or ‘one page,’ they may not be detected until the checkout page loads,” Morrow said.
“Because most checkout pages are dynamically generated based on cookie data and other variables passed to the page, these scripts evade public scanners and the only way to identify malware is to inspect the page source or observe network traffic. These scripts are Silence runs in the page. Background.”
At the same time, Sucuri also revealed that websites built using WordPress and Magento are targets of another malware called Magento Shoplift. Early variants of Magento Shoplift have been spotted in the wild since September 2023.
The attack chain begins by injecting an obfuscated JavaScript fragment into a legitimate JavScript file, which is responsible for loading a second script from jqueurystatics[.]com via WebSocket Secure (WSS), which in turn is designed to facilitate credit card theft and data theft while masquerading as a Google Analytics script.
“WordPress has also become a major player in the e-commerce space thanks to the adoption of Woocommerce and other plugins that can easily transform a WordPress website into a fully functional online store,” said researcher Puja Srivastava.
“This popularity has also made WordPress stores a prime target – attackers are modifying their MageCart e-commerce malware to target a wider range of CMS platforms.”
47 Comments
Pingback: Crafty credit card skimmers masquerade as harmless Facebook trackers – Tech Empire Solutions
Pingback: Crafty credit card skimmers masquerade as harmless Facebook trackers – Shanon Wardon
Pingback: Crafty credit card skimmers masquerade as harmless Facebook trackers – Marshall Henri
You could certainly see your expertise in the work you write. The world hopes for even more passionate writers like you who are not afraid to say how they believe. Always go after your heart.
I dugg some of you post as I cogitated they were very helpful handy
Thanks for your marvelous posting! I genuinely enjoyed reading it, you can be a great author.I will always bookmark your blog and will come back later in life. I want to encourage you to ultimately continue your great writing, have a nice morning!
The very root of your writing whilst sounding reasonable at first, did not work very well with me after some time. Somewhere throughout the sentences you were able to make me a believer unfortunately only for a while. I nevertheless have a problem with your leaps in assumptions and one might do well to help fill in those breaks. When you can accomplish that, I will certainly be amazed.
Excellent post. I used to be checking continuously this weblog and I am inspired! Very helpful info specifically the last phase 🙂 I take care of such info much. I used to be seeking this particular info for a very lengthy time. Thank you and best of luck.
My spouse and I stumbled over here different web page and thought I should check things out. I like what I see so now i’m following you. Look forward to checking out your web page for a second time.
I have been reading out a few of your stories and i can claim pretty good stuff. I will surely bookmark your blog.
Some really choice posts on this web site, bookmarked.
Hi there! I just wish to give a huge thumbs up for the nice data you’ve right here on this post. I might be coming again to your weblog for extra soon.
I got what you intend, regards for posting.Woh I am delighted to find this website through google. “Don’t be afraid of opposition. Remember, a kite rises against not with the wind.” by Hamilton Mabie.
What does the Lottery Defeater Software offer? The Lottery Defeater Software is a unique predictive tool crafted to empower individuals seeking to boost their chances of winning the lottery.
Hello there, I discovered your web site by way of Google even as searching for a similar topic, your web site got here up, it seems great. I have bookmarked it in my google bookmarks.
I think you have mentioned some very interesting details, thanks for the post.
It’s arduous to find educated folks on this matter, however you sound like you recognize what you’re talking about! Thanks
There is visibly a bunch to identify about this. I assume you made some nice points in features also.
naturally like your website however you have to check the spelling on several of your posts. Many of them are rife with spelling issues and I to find it very troublesome to inform the truth however I will surely come back again.
Woah! I’m really digging the template/theme of this website. It’s simple, yet effective. A lot of times it’s challenging to get that “perfect balance” between usability and visual appearance. I must say that you’ve done a awesome job with this. Additionally, the blog loads very fast for me on Opera. Excellent Blog!
I really wanted to write down a quick word in order to say thanks to you for some of the magnificent facts you are giving out at this site. My time-consuming internet search has now been honored with reputable details to talk about with my family and friends. I would assert that most of us website visitors actually are rather blessed to exist in a decent network with very many marvellous individuals with interesting pointers. I feel really privileged to have used the weblog and look forward to tons of more cool moments reading here. Thanks once again for a lot of things.
Some truly fantastic work on behalf of the owner of this internet site, utterly great articles.
Your style is so unique compared to many other people. Thank you for publishing when you have the opportunity,Guess I will just make this bookmarked.2
Nice post. I was checking constantly this blog and I’m impressed! Very useful info specially the last part 🙂 I care for such information a lot. I was looking for this particular information for a very long time. Thank you and good luck.
Thank you, I have just been looking for info about this subject for ages and yours is the greatest I have came upon so far. However, what concerning the bottom line? Are you certain concerning the source?
of course like your web-site however you have to check the spelling on several of your posts. A number of them are rife with spelling issues and I to find it very bothersome to tell the reality nevertheless I will definitely come back again.
I like what you guys are up too. Such clever work and reporting! Keep up the superb works guys I’ve incorporated you guys to my blogroll. I think it’ll improve the value of my site 🙂
certainly like your website but you have to test the spelling on several of your posts. Many of them are rife with spelling issues and I to find it very troublesome to inform the reality however I¦ll certainly come again again.
Thanks so much for providing individuals with remarkably terrific chance to read critical reviews from this site. It is usually so enjoyable and as well , packed with amusement for me personally and my office co-workers to search your website really thrice in 7 days to study the new items you have. And lastly, I am always fulfilled with the surprising hints served by you. Selected two tips in this posting are ultimately the simplest I have ever had.
An attention-grabbing dialogue is price comment. I think that it is best to write extra on this subject, it may not be a taboo topic but typically persons are not enough to speak on such topics. To the next. Cheers
Howdy! I just want to give an enormous thumbs up for the great data you’ve gotten right here on this post. I will be coming back to your blog for extra soon.
There is noticeably a bundle to realize about this. I consider you made certain good points in features also.
Very interesting topic, thanks for putting up.
Glad to be one of many visitors on this awe inspiring website : D.
This blog is definitely rather handy since I’m at the moment creating an internet floral website – although I am only starting out therefore it’s really fairly small, nothing like this site. Can link to a few of the posts here as they are quite. Thanks much. Zoey Olsen
You are a very smart individual!
A person essentially assist to make severely articles I would state. This is the very first time I frequented your web page and to this point? I surprised with the analysis you made to make this particular publish amazing. Great task!
Hello.This post was extremely motivating, particularly because I was browsing for thoughts on this subject last Thursday.
I’d have to examine with you here. Which is not one thing I usually do! I take pleasure in reading a post that may make folks think. Additionally, thanks for permitting me to comment!
Hi there, I found your blog via Google while looking for a related topic, your website came up, it looks good. I have bookmarked it in my google bookmarks.
The subsequent time I learn a weblog, I hope that it doesnt disappoint me as much as this one. I mean, I do know it was my option to learn, but I really thought youd have something interesting to say. All I hear is a bunch of whining about something that you can repair if you werent too busy in search of attention.
Thanks for this post, I am a big big fan of this website would like to proceed updated.
whoah this blog is wonderful i love reading your articles. Keep up the great work! You know, lots of people are hunting around for this information, you could help them greatly.
Whats Taking place i’m new to this, I stumbled upon this I’ve found It absolutely useful and it has aided me out loads. I am hoping to contribute & assist different users like its helped me. Good job.
I got good info from your blog
Hello my friend! I wish to say that this post is awesome, nice written and include approximately all vital infos. I’d like to see more posts like this.
I am incessantly thought about this, thankyou for posting.