
Hackers exploit swap files on shopping sites with credit card skimmers


TLDR:

  • Hackers are exploiting swap files in shopping sites to inject credit card skimmers, allowing them to access and extract critical data.
  • Researchers at Sucuri discovered that a Magento e-commerce platform was compromised with a persistent credit card skimmer through the swap file.

Hackers have found a new way to target sensitive information on websites by exploiting swap files. These files, typically used to store data that can’t fit in a system’s RAM, contain critical data like passwords and encryption keys. Researchers at Sucuri recently found that hackers were able to create a persistent credit card skimmer on a Magento e-commerce platform by using the swap file. This method allowed the malware to survive multiple removal attempts, posing a significant threat to online shoppers and businesses. The malware injected into the swap file was able to capture credit card information on the checkout page, highlighting the need for enhanced security measures in e-commerce environments.

The attack involved compromising the bootstrap.php file on the Magento site, which contained a base64-encoded credit card skimmer that persisted even after deletion. This was made possible through a hidden swap file named bootstrap.php-swapme, created through SSH editing. By exploiting swap files, hackers were able to evade detection and embed themselves in the server, emphasizing the importance of comprehensive security measures.

To protect against such attacks, experts recommend deploying a website firewall, regularly updating content management systems and plugins, and restricting access to admin panels. Businesses can also use professional cleanup services or DIY guides to clean infected sites. The discovery of how hackers abuse swap files underscores the need for multi-layered security in e-commerce environments to safeguard against data breaches and credit card theft.
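
A defender-side check for the leftover file described above, added here as an example (not code from Sucuri or from this article): it walks a web root and reports editor leftovers and files that shadow a PHP file in the same directory, such as bootstrap.php-swapme beside bootstrap.php. The suffix list, the decoder heuristic, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Editor leftovers (vim .swp/.swo, trailing ~, nano .save) plus the article's "-swapme".
LEFTOVER_RE = re.compile(r"(\.sw[a-p]|~|\.save|-swapme)$")
# PHP calls often used to unpack an encoded payload (a heuristic, not proof).
DECODER_RE = re.compile(rb"(base64_decode|gzinflate|str_rot13)\s*\(")


def find_leftovers(webroot):
    """Flag editor leftovers and files that shadow a PHP file in the same directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        php_files = [f for f in files if f.endswith(".php")]
        for name in files:
            # e.g. "bootstrap.php-swapme" or ".bootstrap.php.swp" beside bootstrap.php
            shadows = [p for p in php_files if p != name and name.lstrip(".").startswith(p)]
            if not shadows and not LEFTOVER_RE.search(name):
                continue
            path = Path(dirpath, name)
            with path.open("rb") as fh:
                head = fh.read(1 << 20)  # inspect at most the first 1 MiB
            findings.append({
                "path": path.relative_to(webroot).as_posix(),
                "shadow_of": max(shadows, key=len) if shadows else None,
                "has_decoder": bool(DECODER_RE.search(head)),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree(root):
    """Constructed sample tree; the encoded string is the inert text PLACEHOLDER."""
    samples = {
        "app/bootstrap.php": b"<?php // application bootstrap\n",
        "app/bootstrap.php-swapme": b"<?php $c = base64_decode('UExBQ0VIT0xERVI=');\n",
        "pub/notes.txt~": b"release checklist\n",
    }
    for rel, data in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def scan_sample():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_leftovers(tmp)
```

A finding with has_decoder set is a lead for manual review, not a verdict; a clean result does not rule out other persistence locations.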
