Compromised OpenCart Payment Module Steals Credit Card Info

Aug 30 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s holding out for a hero hacker to save Greater London and bring down the bullshit #ULEZ infrastructure once and for all. #KhanOut

Today’s hottest cybersecurity news stories:

  • ☣️ Magecart infections are causing major problems for OpenCart ????

  • ????????‍???? Devs beware: Dodgy Rust libraries caught sending OS info to Telegram ✉️

  • ???? MARS finds MMRat malware doing committing bank fraud via fake app stores ????

Hackers: OpenCart, open sesame ???? ????️ ????

house GIF

 

Giphy

 

???? Compromised OpenCart Payment Module Steals Credit Card Info ????

Here’s the scoop on a recent cyber incident that caught our attention. A concerning case of credit card information theft through a compromised OpenCart payment module has been uncovered. Let’s dive into the details.

???? Magecart Strikes Again ????

Magecart, a sneaky online threat, has been making waves since 2015 by snatching credit card data from online stores. This time, it aimed its sights at OpenCart, a popular e-commerce platform.

???? The Intrusion ????

Picture this: A client reports suspicious credit card activities on their website. Major credit card companies even spot this domain as a potential source of compromised cards. Cue our investigation! ????‍????

????️‍♂️ The Hunt Begins ????️‍♂️

We roll up our sleeves and dig into the code. Typically, these malicious codes pop up when users reach the checkout. Sometimes, they’re well-hidden, but we’ve got tricks up our sleeves like NoScript to spot ’em.

???? The Twist ????

Surprisingly, no fishy business on the checkout page itself. So, we take a detour to the backend files. Timing is key; knowing when the theft started is like finding the needle in the haystack. In this case, it had been ongoing for months before the alarm bells rang.

???? The Culprit Revealed ????

After narrowing down the time frame, we unearthed the pesky culprit. The attackers had tinkered with a critical file that handles payment processing. A similar tactic we’ve seen before.

Stay vigilant, folks! Make sure your e-commerce platforms are up to date and secured. ????????

Remember, safety online is a team effort! ???? Stay tuned for more updates. ????????

 

Join Discord

 

I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.

The group is very active and everyone in this private discord group is very chatty and helpful.

Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.

If you are interested in joining the group you can through the link below.

Caught Rust in the nick of time ????????????

Season 25 Drama GIF by The Bachelor

 

Gif by thebachelor on Giphy

 

???? Malicious Packages Target Rust Language’s Crate Registry ????

Heads up, developers! ???? A recent report reveals concerning news about the Rust programming language’s crate registry.

Malicious libraries, uploaded from August 14 to 16, 2023, by user “amaperf,” have been discovered. Names like postgress, if-cfg, and more were taken down, but the threat is real.

The Plot Uncovered ????️‍♂️

These sinister packages held hidden agendas. Their purpose? To gather OS info (Windows, Linux, macOS) and send it to a Telegram channel via API. It seems the bad actors were gearing up for a larger scheme, maybe to unleash improved data theft tactics.

???? Developers in the Crosshairs ????

Developers, you’re in demand! With SSH keys, infrastructure access, and IP at stake, you’re prime targets. Stay vigilant! ????

⚠️ A Familiar Tune ⚠️

This isn’t the first registry under attack. Remember CrateDepression on crates.io? It used typosquatting for data theft. The lesson: watch your step.

???? Wider Nets, Bigger Threat ????

Hold on, npm folks! ???? Phylum also found an npm package, “emails-helper,” that sets off remote info theft. Don’t let “simple” npm install actions trigger intricate attacks. ????

Stay smart, stay safe! ???? #DevAlert ????

????️ Extra, Extra! Read all about it! ????️

Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ????The Crypto Nutshell: Crypto News & Expert Predictions all in a nutshell ????

  • ????The Breakthrough: Receive one idea, one question, and one exercise each week that could spark your next breakthrough.

  • ✈️ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.

Let us know what you think!

Is there life on MARS? ????????????

Mars GIF by YUNGBLUD

 

Gif by yungblud on Giphy

 

???? New Android Trojan “MMRat” Targets Southeast Asia Users ????

Alert, mobile users! ???? A fresh Android banking trojan, named MMRat (AndroidOS_MMRat.HRX), has emerged in Southeast Asia. Discovered by Trend Micro’s MARS team, this sneaky malware captures user input, controls devices remotely, and poses a grave threat to bank fraud.

???? The Sneaky Intruder ????

Operating since late June 2023, MMRat flies under the radar. It disguises itself as an innocent package “com.mm.user,” and its goal? Syphon sensitive info and orchestrate bank fraud right on victims’ devices. ????

???? The Deceptive Route ????

MMRat spreads through phishing websites posing as official app stores. These tricky links target users across Southeast Asia. Watch out for those permissions when downloading!

???? Top Tips:

  • Stick to trusted app sources like Google Play or Apple App Store.

  • Keep your device updated for enhanced security.

  • Think twice before granting accessibility permissions.

  • Install reliable security solutions for early threat detection.

  • Safeguard personal and banking info online.

Remember to always stay one step ahead of cyber threats! ???????????? Stay safe, cyber-squad!

So long and thanks for reading all the phish!

Recent articles