Rewterz

Rewterz Threat Alert – Emotet – IoCs

September 28, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-4727 – IBM InfoSphere Information Server clickjacking

September 28, 2020

Rewterz Threat Alert – gstaticapi Credit Card Stealing Malware

Severity

High

Analysis Summary

A malicious script used on a Magento website titled gstaticapi, which targeted checkout processes to capture and exfiltrate stolen information.

To obtain sensitive details, the malware loads external javascript whenever the URL contains “checkout” ?— this location typically belongs to the step in Magento’s checkout process where users enter their sensitive credit card information and shipping details. Both the string “checkout” and the remote URL are based64-encoded in an attempt to avoid detection. This second-stage JavaScript is heavily obfuscated and acts as a skimmer, identifying and exfiltrating credit card information and billing details to the attacker.

Impact

  • Information theft
  • Exposure of sensitive data
  • Financial loss

Remediation

  • Ensure anti-virus software and associated files are up to date.
  • Keep applications and operating systems running at the current released patch level.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.