A sophisticated Magecart Campaign has surfaced, strategically utilizing websites’ default 404 error pages to camouflage malicious Code. This marks a notable evolution in the modus operandi of these cyber-attacks.

Targeting the eCommerce Giants: Magento and WooCommerce in the Crosshairs

Akamai’s latest findings reveal that this novel campaign zeroes in on Magento and WooCommerce websites, with significant implications for major players in the food and retail industries.

Akamai security researcher Roman Lvovsky shed light on the intricacies of the operation, stating that all the victims were directly exploited, as the malicious Code Snippet was injected into one of their first-party resources. This entails the insertion of the code directly into the HTML pages or within first-party scripts integral to the website’s functionality.

A Multi-Stage Offensive: Concealing the Threat in Plain Sight

The attacks unfold through a multi-stage chain, where the loader code dynamically fetches the main payload at runtime. This tactical maneuver aims to capture sensitive information entered on checkout pages, subsequently exfiltrating it to a remote server.

Lvovsky explained the rationale behind the multi-stage approach. The purpose of separating the attack into three parts is to conceal the attack in a way that makes it more challenging to detect.” This deliberate strategy enhances the discreet nature of the attack, making it a formidable challenge for security services and external scanning tools deployed on targeted websites.

404 Error Pages: One Facet of a Tripartite Campaign

Among the three variations employed in this campaign, the use of 404 error pages stands out. The other two variations involve obfuscating the skimmer code within a malformed HTML image tag’s onerror attribute and embedding it as an inline script masquerading as the Meta Pixel code snippet.

In essence, this Magecart evolution demands heightened vigilance and adaptability from cybersecurity professionals, underscoring the importance of staying ahead of these inventive and increasingly complex threats.