Threat actors are using swap files on compromised websites to hide credit card skimmers [1]; in one recent case, a Magento e-commerce site was found sending data to “amazon-analytic[.]com”.

Description

The skimmer uses well-known brand names in its domain names to evade detection, and it relies on swap files to inject malicious code while leaving the original files intact. Separately, compromised administrator accounts on WordPress sites are being used to install a malicious plugin posing as Wordfence [1] [2]; the plugin creates unauthorized admin users and disables the real Wordfence. To bolster security, site owners should restrict protocol access to trusted IP addresses, update systems regularly, enable two-factor authentication [1] [2], use firewalls [1] [2], and harden wp-config.php [2].
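As an added example (not code from the cited reports), the following Python scan walks a web root and flags the two indicators described above: editor swap files left inside served directories, and references to brand-name lookalike domains that are not on an allow-list. The allow-list, brand words, sample files and the `.example` domains are constructed for this illustration.

```python
import os
import re
import tempfile

SWAP_SUFFIXES = (".swp", ".swo", "~")  # editor swap/backup files never belong in a served web root
ALLOWED_DOMAINS = {"shop.example", "cdn.shop.example"}  # constructed allow-list for a hypothetical shop
# Brand words attackers embed in lookalike domains (the page's case: amazon-analytic[.]com).
BRAND_WORDS = ("amazon", "google", "paypal", "cloudflare", "jquery")
DOMAIN_RE = re.compile(r"https?://([a-z0-9.-]+\.[a-z]{2,})", re.I)


def suspicious_domains(text):
    """Domains in text that carry a brand word but are not on the allow-list."""
    hits = set()
    for dom in (d.lower() for d in DOMAIN_RE.findall(text)):
        if dom not in ALLOWED_DOMAINS and any(w in dom for w in BRAND_WORDS):
            hits.add(dom)
    return hits


def scan_webroot(root):
    """Return (kind, relative_path, detail) findings for swap files and lookalike domains."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.endswith(SWAP_SUFFIXES):
                findings.append(("swap-file", rel, ""))
            with open(path, "rb") as f:  # swap files may be binary, so decode leniently
                text = f.read().decode("utf-8", errors="ignore")
            for dom in sorted(suspicious_domains(text)):
                findings.append(("lookalike-domain", rel, dom))
    return findings


def build_sample_site():
    """Create a constructed web root: one clean file and one swap file hiding a skimmer-style loader."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "app"))
    with open(os.path.join(root, "index.php"), "w") as f:
        f.write('<script src="https://cdn.shop.example/app.js"></script>\n')
    with open(os.path.join(root, "app", "bootstrap.php.swp"), "w") as f:
        f.write('<?php echo "<script src=\'https://amazon-analytic.example/a.js\'></script>";\n')
    return root


if __name__ == "__main__":
    print(scan_webroot(build_sample_site()))
```

Point `scan_webroot` at a real document root to review every hit by hand; a swap file in a served directory is worth investigating even when it references no domain at all.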

Conclusion

These tactics highlight the importance of vigilance in cybersecurity. To mitigate risks, it is crucial for site owners to follow best practices for securing their websites and stay informed about emerging threats. By taking proactive measures, businesses can protect themselves and their customers from potential data breaches and financial losses.

References

[1] https://indoguardonline.com/2024/07/23/magento-sites-targeted-by-sneaky-credit-card-skimmer-via-spam-files/
[2] https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html