Credit Card Hacks Found on Numerous Compromised Online Stores

According to one latest research, a large number of retail websites in New Zealand were targets of hacks in which malware was used to infect them and steal credit card details of customers visiting them.

The research reportedly by Willem de Groot, owner of one Magento hosting firm within Holland shows that anonymous cyber-criminals were abusing security flaws within vulnerable computers followed with injecting harmful JavaScript written code. Nzherald.co.nz posted this online dated October 15, 2016.

The infected online stores increased to a total of 4,476 by March at the rate of 30% and 5,925 by September. During 2015, over 750 of the shopping sites were unwittingly browsing card information for criminals and continue to do so even today. This proves the kind of hacking could remain unnoticed stretching to months, blogs De Groot.

The data accumulated for De Groot's research indicates that several groups were involved in the cyber theft. Moreover, while the harmful code had multiple variants during 2015, as of today, there exist 3 unique malware families containing 9 variants in all.

Explaining further De Groot says that the first variant only tapped web-pages whose URL showed checkout. Subsequent variants too check for the widely used PayPal, Onestepcheckout and Firecheckout plug-ins.

When unwitting consumers use their payment cards for paying the items they buy from the online stores, the malware harboring on the those sites quietly 'copy pastes' their card particulars onto certain server believably installed in Russia. The malware receives its hosting service from this server and via HTTPS; as a result it is able to view all the information that a consumer types into the store sites, in particular, his or her credit card details.

What is unacceptable though is that certain store owners do not appear to grasp how severe these problems are else, perceive their impact. Citing some examples, De Groot tells the worst responses companies made to his mention regarding the compromises.

Fortunately, certain shop owners have started acting towards rectifying the problems, with 334 websites rectified within a 48-hr time-span. But unfortunately, 170 fresh websites were breached during that very time-span.

» SPAMfighter News - 10/19/2016