Rewterz Threat Alert – gstaticapi Credit Card Stealing Malware

Rewterz Threat Alert – Emotet – IoCs

September 28, 2020

Rewterz Threat Advisory – CVE-2020-4727 – IBM InfoSphere Information Server clickjacking

September 28, 2020

Rewterz Threat Alert – gstaticapi Credit Card Stealing Malware

Severity

High

Analysis Summary

A malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.

To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ?— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details. Both the string “checkout” and the remote URL are based64-encoded in an attempt to avoid detection. This second-stage JavaScript is heavily obfuscated and acts as a skimmer, identifying and exfiltrating credit card information and billing details to the attacker.

Impact

Information theft
Exposure of sensitive data
Financial loss

Remediation

Ensure anti-virus software and associated files are up to date.
Keep applications and operating systems running at the current released patch level.

Rewterz Threat Alert – Emotet – IoCs

Rewterz Threat Advisory – CVE-2020-4727 – IBM InfoSphere Information Server clickjacking

Rewterz Threat Alert – gstaticapi Credit Card Stealing Malware

Severity

Analysis Summary

Impact

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan