OpenCart, osCommerce Store Owners Should Watch Out for Credit Card Stealers
Security Update : E-commerce store administrators should be very wary and constantly scan their site’s source code for any recent modifications, as is the case of two recent credit card stealing scripts discovered by the team at Sucuri.
The first of these was uncovered last month by Sucuri’s Ahmad Azizan, who found a piece of code in osCommerce installations, in the ./catalog/checkout_confirmation.php file.
This piece of encoded PHP code was collecting data users entered on their checkout pages and was mailing it to the attacker. The credit card stealer collected everything users filled in the form, such as credit card numbers, the card barer’s name, the card’s expiration date, and even the CCV number.
Today, Sucuri researchers have found a similar script, unrelated to the first, but this one targeting OpenCart platforms.
Just… (read more)