Criminals come up with such a creative trick that even experts raise their hats

The US information security company Akamai says that hackers have stolen the payment card information of customers of online stores using a creative trick. SAMI HALINEN/KL

Hackers have obtained the payment card information of online store users by entering malicious code into the sites. The modus operandi is called a magecart attack.

Written by the security company Akamai according to the report, criminals have used the error notification pages of online stores, i.e. the so-called 404 pages, in thefts. The title of the English text is The Art of Concealmentin Finnish the art of hiding.

The attacks reportedly started three weeks ago. The hijackings known to Akamai have focused on sites using the Magento and WooCommerce e-commerce platforms, which are said to be numerous. However, it does not mention by name the online stores that the hackers have managed to break into.

A creative 404 gimmick

You too have probably come across the very common 404 error code, if the link you clicked has led to a page that has been deleted or moved to another address. The error 404 or the “page not found” notification is familiar to practically everyone on the Internet, and there is nothing suspicious about them in themselves.

But as recent cases show, even these pages can be used for criminal purposes.

Malicious code has been entered into the pages of the stores that have been attacked, which could have been disguised to look like, for example, a standard tracking code used on a website, a Meta-pixel. According to experts, the skillful camouflage of malicious code snippets has made it difficult to detect scams.

In some of the cases, the capture of card data has been successful in such a way that when the customer who has collected products in his shopping cart has been ready to go to the checkout of the online store, the code entered on the site has directed the customer instead of the payment information page to a 404 error message page modified by hackers, which is disguised to look like the payment information page of the online store.

An unsuspecting customer thought he was entering his payment information into the online store’s system, when in reality he typed his information into a payment information form forged by hackers.

It was this redirection to the 404 site that made even the security company’s experts confused at first, because they didn’t realize at first that the error notification pages were an essential part of the plot.

– It is a creative means of camouflage that we have never come across before, Akamai information security researcher Roman Lvovsky write.

Using a 404 site is a clever trick because scanners sniffing websites for various types of malware may not even extend their scans to the code of error notification pages.

Another way has also become common

In some cases, criminals carrying out magecart attacks have managed to modify the code of the online store in such a way that when paying for purchases, the user is shown a fake card information form, the authenticity of which the customer cannot even suspect.

When the customer has entered his information in the fake form and imagines that he is confirming the payment, the completed information is sent to the criminals. The form gives an error message, all filled-in fields are cleared and the fake form is replaced by the real one without the user noticing.

A user who does not know that his payment information has already ended up in the hands of hackers considers the sudden disappearance of the information he has just entered as just a bug on the site. He enters the information again, this time on a genuine form, the order goes through normally, and the customer can’t suspect anything – until the card’s payment transactions sometime later reveal that the card has been used without permission.

Sources: Akamai, BleepingComputer, HackRead