Heroku PaaS Service Found Hosting Numerous Magecart Skimmers


Researchers recently found Magecart attackers abusing Salesforce Heroku to host Magecart skimmers. The attackers also used the service to store pilfered payment card information.

Salesforce Heroku Hosted Magecart

Researchers from Malwarebytes Labs have found Magecart skimmers hosted on the Salesforce Heroku PaaS. The attackers also used the service to store stolen data. The researchers have detailed their findings in a blog post.

Heroku is a cloud-based platform-as-a-service (PaaS) from Salesforce that provides web app hosting to various businesses. It offers a freemium model so that new users can test its hosting services. That is what the attackers exploited.

According to the researchers, the threat actors created free accounts with the service to host their skimmers. This also helped them target websites with a single line of code which executes further steps.

Its goal is to monitor the current page and load a second element (a malicious credit card iframe) when the current browser URL contains the Base64 encoded string Y2hlY2tvdXQ= (checkout).

The iframe overlays the site’s payment form to steal users’ data. Once a user enters the details into the malicious iframe, the data is exfiltrated to the attacker and the page reloads, requiring the user to re-enter the information.
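A defender-side check for the two signals described above, a script loaded from a shared PaaS host and a keyword hidden as a Base64 literal such as Y2hlY2tvdXQ=, written as an added example that is not from the article or from the researchers. The keyword list, the `.herokuapp.com` suffix, the `shop.example` domain and the sample page are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlparse

# Assumed for this example: keyword list, watched suffix, shop domain, sample data.
KEYWORDS = ("checkout", "payment", "billing")
WATCHED_SUFFIXES = (".herokuapp.com",)   # Heroku's shared app domain
FIRST_PARTY = "shop.example"
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{8,}={0,2})["']""")
SCRIPT_SRC = re.compile(r"""<script[^>]+src=["']([^"']+)["']""", re.I)

def encoded_keywords(source):
    """Keywords that appear in script source as Base64 string literals."""
    hits = set()
    for literal in B64_LITERAL.findall(source):
        try:
            text = base64.b64decode(literal, validate=True).decode("ascii").lower()
        except ValueError:  # bad padding/alphabet, or decoded bytes not ASCII
            continue
        hits.update(k for k in KEYWORDS if k in text)
    return sorted(hits)

def third_party_scripts(html, first_party=FIRST_PARTY):
    """Hosts of <script src> tags that are not the shop or its subdomains."""
    hosts = []
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative (first-party) paths
        if host and host != first_party and not host.endswith("." + first_party):
            hosts.append(host)
    return hosts

def review_page(html, scripts):
    """scripts maps script URL -> source text already fetched by the caller."""
    findings = [("script-from-shared-paas", h)
                for h in third_party_scripts(html) if h.endswith(WATCHED_SUFFIXES)]
    for url, source in scripts.items():
        findings += [("base64-encoded-keyword", f"{url}: {k}")
                     for k in encoded_keywords(source)]
    return findings

# Constructed sample data; the host name and script bodies are made up.
SAMPLE_HTML = """<script src="/static/app.js"></script>
<script src="https://cdn.shop.example/ui.js"></script>
<script src="https://constructed-app-name.herokuapp.com/lib.js"></script>"""
SAMPLE_SCRIPTS = {
    "/static/app.js": 'var page = "checkout";',
    "https://constructed-app-name.herokuapp.com/lib.js":
        'if (location.href.indexOf(atob("Y2hlY2tvdXQ=")) !== -1) { /* body omitted */ }',
}
```

Calling `review_page(SAMPLE_HTML, SAMPLE_SCRIPTS)` returns both findings for the constructed page. Because the platform also hosts legitimate apps, a hit on the host suffix alone is a prompt for review rather than proof of a skimmer.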

Numerous Skimmers Found On Heroku

The researchers also noticed numerous other skimmers. All of these used a similar naming convention and appeared active.

The researchers also elaborated that attackers always find cloud-based services lucrative. They may specifically use these platforms to evade detection, as the services host numerous legitimate users as well.

Recently, numerous incidents involving Magecart skimmers have surfaced online. The attackers targeted various e-stores to steal users’ personal and payment card details in bulk.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
