Threat Actors Deploy Malware on E-commerce Servers

Share post:

The Sansec Threat Research Team recently uncovered a malicious activity in which threat actors infiltrate credit card skimmers into the websites of online stores to deploy Linux malware on compromised e-commerce servers.

The attackers use a PHP-encoded web skimmer to download and infiltrate fake payment forms on the checkout pages, which are displayed to customers through the hacked online store.

Other discoveries by the security company include the malware receiving commands from a Beijing server hosted on Alibaba’s network, and achieving persistence by adding a new crontab entry that fulfills two main tasks: downloading the malicious payload from its command-and-control server and reinstalling the back door if it is detected.

As soon as the malware is started, it immediately removes itself from the disk and disguises itself as “ps _ ef.” This is used to get a list of currently running processes.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways