Infecting payment pages on eCommerce websites is becoming commonplace for its effectiveness, in this way cyber criminals can steal sensitive information such as credit cards and at the same time go unnoticed for longer as they are infections that camouflage quite well.
According to an analysis published by the security company Sucuri, one of the last affected platforms is Magento with massive attacks that inject malicious functions into the modules or payment extensions.
Specifically, they have detected in the SF9 Realex payment module a function called sendCcNumber () which is camouflaged in the Remote.php file and captures user data when completing the checkout, then sending the information to the attacker's email.
This file is located on the path / app / code / community / SF9 / Realex / Model.
It should be noted that the infection is not carried out due to a vulnerability of the module, but is added especially in that place once the website commits itself in some other way, for example due to a lack of Magento update.
It is not the first time that Sucuri detects infections in the e-commerce payment pages, last year they detected similar attacks in WooCommerce, the popular WordPress plugin that allows you to create an online store with a few clicks, and they have also detected attacks by the style in Prestashop and OpenCart.
These web infections are not easy to detect by administrators because they do not usually affect the normal operation of stores. They are becoming more common every time and that is why, as a basic measure, it is extremely important to keep the platforms updated (WordPress, Magento, PrestaShop, etc.), in this way many of the security problems are avoided although of course they must be Take further steps to secure the sites and the personal information that is handled through them.
And do you have your eCommerce secure?