Foregenix, the information security specialists, have identified a worrying new trend of obfuscated code containing malware being placed (hidden) on merchant’s web sites. Designed to harvest payment card details, the malware takes an unusual approach to stealing the information.
Foregenix are warning that this malware could be currently hiding in web sites without businesses even being aware of it; leaving them open to embarrassing and costly data breaches.
Hackers are using a script which uses several layers of encoding (binary XOR and text based base64), compression and function lookup tables to protect or hide the internal workings of the malware. The approach the attackers take makes it extremely easy to change the outer layers, thereby making it more difficult to detect in an automatic fashion, although it certainly is possible.
Within this malware is a dangerous new variation on the payment card harvesting attacks. Whereas it is fairly common to find the compromised data appended to an image file, making it easy to anonymously download – or email the compromised data to a temporary email address – this malware actually encrypts the payment details and puts it back in the local database.
The malware provides facilities to manage the table that the payment information is being saved to and also allows the attackers to download the data and purge the data from the database as and when they deem it necessary.
Benjamin Hosack of Foregenix issued advice to website owners and developers: “We strongly advise regular database reviews, checking for unusual or new tables that may be present. Regular and frequent reviews of the source of your site is also beneficial to detect compromised or modified files.
For more details on detecting and preventing attacks like this, please visit our blog at HERE.
For more information about PCI Version 3.0 or to learn more about payment security, visit HERE
The Foregenix team has been intimately involved with the Payment Card Industry since the inception of the security standards in 2004, and has carried out forensic investigations and compliance assessments on hundreds of organisations, ranging from national banks and multi-national corporations, right down to online and high street stores. Foregenix’ desire to promote simplified security and technical innovation led to the team becoming first QSA in the world to certify a PCI-P2PE application. Furthermore, through their work in digital forensics, Foregenix have gained an understanding of the ever-changing cyber threat landscape. This has allowed the team to develop a suite of security and risk reduction solutions to pro-actively secure our clients.