Hackers Hide Credit Card Skimmers in Swap Files: How Your E-commerce Site Could Be Next

Threat actors are using swap files to hide persistent credit card skimmers on compromised websites. This sneaky technique, seen on a Magento e-commerce site, helps malware survive cleanup attempts and exfiltrate payment data. Security experts advise restricting protocols like SSH to trusted IPs and keeping systems up-to-date.

3P
Published: July 23, 2024 10:25 amAdded: July 23, 2024 at 3:38 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Just when you thought your credit card info was safe, cyber crooks are playing hide and seek with your data like it’s a game of Where’s Waldo. Pro tip: Waldo wins.

Key Points:

  • Threat actors are using swap files to conceal credit card skimmers on compromised websites.
  • The malware was observed on a Magento e-commerce site’s checkout page.
  • Stolen data is exfiltrated to a domain that mimics Amazon’s analytic services.
  • Malware persists on the site by exploiting swap files created during SSH sessions.
  • Compromised WordPress sites are being hit with a malicious plugin masquerading as Wordfence.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?