Rewterz Threat Alert – Emotet – IoCs
September 28, 2020Rewterz Threat Advisory – CVE-2020-4727 – IBM InfoSphere Information Server clickjacking
September 28, 2020Rewterz Threat Alert – Emotet – IoCs
September 28, 2020Rewterz Threat Advisory – CVE-2020-4727 – IBM InfoSphere Information Server clickjacking
September 28, 2020Severity
High
Analysis Summary
A malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.
To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ?— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details. Both the string “checkout” and the remote URL are based64-encoded in an attempt to avoid detection. This second-stage JavaScript is heavily obfuscated and acts as a skimmer, identifying and exfiltrating credit card information and billing details to the attacker.
Impact
- Information theft
- Exposure of sensitive data
- Financial loss
Remediation
- Ensure anti-virus software and associated files are up to date.
- Keep applications and operating systems running at the current released patch level.