You will also be interested
[EN VIDÉO] What is a cyber attack? With the development of the Internet and the cloud, cyber attacks are becoming more frequent and complex. Who is behind these attacks and for what purpose? What are the hackers’ methods and what are the biggest cyber attacks?
Code injection to steal bank details on merchant websites, or fast reading In English, it is nothing new. However, as with all threats on the web, the authors are constantly improving their tools to stay one step ahead of cybersecurity professionals. according to Microsoft’s new reportHackers have developed new techniques to hide their code and avoid detection.
Initially , pirate They were targeting flaws in platforms like Magent, PrestaShop or WordPress, and they were content To enter JavaScript. One of the most famous attacks of this type is magicartwhich was first discovered in 2010 and caused a stir during Problems Attacks in 2019. While new technologies still require a vulnerability to inject data into the server, JavaScript code is no longer in the directory.
malicious code in the image
The first approach is to pass the code as something else. Microsoft Discover remarkably JavaScriptencoded in base 64 in the code PHP, itself is embedded in the photo. In one case the authors used the favicon (icon from the site displayed in the address bar or on bookmarks), and in another case they used a simple image. All they had to do was add the PHP include() function to the site’s index page, an addition that no one would ever notice.
In both cases, the PHP script checks the page title for terms” paying off ” And ” one page », which corresponds to the Magento payment page. It also checks files biscuit To ensure that the user is not responsible. Once it’s done, it decodes a JavaScript script that will display a fake payment form and then sends the data to an external server.
Persuasive titles by encoding them in base 64
The second method adds four lines of JavaScript to the page. In the same way, the script runs only on the page whose title contains the term ” paying off “, the keyword that is encoded in base 64 in the script goes unnoticed. Then it downloads another script hosted on an external server, whose address is encoded in base 64 and divided into several groups of concatenated characters. This script ensures that tools are encoded in base 64. developer navigator Unopened, it saves the payment form data in an image, which is sent to an external address.
Finally, for the third technique, pirate Pass their text as official text for audience analysis Google Analytics or dead pixels. Again, the authors added a simple script that downloads a second script from an external server, and used base-64 encoding to mask the address.
The common point of all these techniques is the use of character strings in base 64, in particular the JavaScript atob() function to decode them. This can help developers detect infected sites. On the other hand, it is difficult for Internet users to defend themselves against this type of attack, except by using methods such as single-use virtual bank cards. For site administrators, Microsoft recommends checking that their content management system (CMS) and all extensions are up to date.
Interested in what you just read?
“Hardcore beer fanatic. Falls down a lot. Professional coffee fan. Music ninja.”
More Stories
Starliner's first manned flight in May
Why do we feel cramps when we exercise?
We tell you everything!