New Magecart Campaign Modifies 404 Error Page to Steal Visitor Information

Published by Shipra Sanganeria on October 12, 2024

Researchers have discovered a novel web skimming campaign designed to steal personally identifiable information (PII) and credit card information from visitors to ecommerce websites.

Discovered by Akamai Security Intelligence Group researchers, the campaign is primarily targeted at Magento and WooCommerce websites, including online sites of some large organizations in the food and retail sectors.

This Magecart-style skimming campaign hides malicious code inside the default 404 error pages to avoid detection and successfully deploy malware to steal financial information. “This concealment technique is highly innovative and something we haven’t seen in previous Magecart campaigns,” the Akamai report revealed.

The campaign follows the usual Magecart attack technique, exploiting vulnerabilities in the targeted host’s digital ecommerce website or the third-party services used by it to inject the skimming malware code.

The campaign is divided into three main parts: loader, malicious attack code, and data exfiltration. “The purpose of separating the attack into three parts is to conceal the attack in a way that makes it more challenging to detect,” the report continued.

While analyzing the campaign, Akamai found three variations of this attack. Two were very similar, with only a slight difference in the loader part. The loader component either disguised itself as a Meta Pixel code snippet or hid inside an existing inline script present on the targeted website.

Upon execution, the loader sends a fetch request to a relative path called ‘icons,’ which does not exist, so the request returns a ‘404 Not Found’ error page.

Further investigation of the 404 page revealed a hidden comment containing the string “COOKIE_ANNOT.” Next to it was a long Base64-encoded string containing the entire obfuscated JavaScript attack code, which is used to execute the attack and steal sensitive information uploaded by the user.

“We simulated additional requests to nonexistent paths, and all of them returned the same 404 error page containing the comment with the encoded malicious code. These checks confirm that the attacker successfully altered the default error page for the entire website and concealed the malicious code within it,” Akamai revealed.
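As an added example (not code from Akamai's report or from this article), the following Python check scans an error-page body, such as the response your own site returns for a nonexistent path, for HTML comments that carry the reported COOKIE_ANNOT string or a long Base64 run that decodes to text. The 200-character threshold, the printable-text heuristic, and the sample pages are assumptions constructed for illustration.

```python
import base64
import re

MARKER = "COOKIE_ANNOT"   # comment string named in the article
MIN_RUN = 200             # assumed threshold for a "long" Base64 run
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_RUN)


def _decodes_to_text(run):
    """True if run is valid Base64 whose decoded bytes are mostly printable ASCII."""
    core = run.rstrip("=")
    try:
        raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return bool(raw) and printable / len(raw) > 0.9


def scan_error_page(html):
    """Return one finding per HTML comment holding the marker or encoded script-like text."""
    findings = []
    for m in COMMENT_RE.finditer(html):
        body = m.group(1)
        runs = [r for r in B64_RUN_RE.findall(body) if _decodes_to_text(r)]
        if runs or MARKER in body:
            findings.append({"offset": m.start(), "marker": MARKER in body,
                             "encoded_chars": sum(len(r) for r in runs)})
    return findings


# Constructed sample input: harmless placeholder text, not real skimmer code.
PAYLOAD = base64.b64encode(b"/* constructed placeholder, not a skimmer */ " * 8).decode()
BENIGN_404 = "<html><body><!-- error template v2 --><h1>404 Not Found</h1></body></html>"
TAMPERED_404 = ("<html><body><h1>404 Not Found</h1><!-- " + MARKER + " " + PAYLOAD
                + " --></body></html>")

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_404), ("tampered", TAMPERED_404)):
        print(name, scan_error_page(page))
```

Because the reported tampering affected the error page for every nonexistent path, comparing the result for several random paths against a known-good copy of the error template gives a second, marker-independent signal.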

The attackers also used the common exfiltration technique of injecting fake forms to steal personal and credit card information.

With the growing sophistication of web skimming attacks, it’s essential to remain vigilant when entering personal details on websites.
