Our good friends at Sucuri Security discovered a vulnerability targeting Magento sites with the Braintree Payments extension installed.
Braintree Payments is a web payment system for ecommerce companies. What makes Braintree a popular choice for merchants is its easy integration, vast payment method options, simple pricing, and great support. Magento merchants need to integrate the Braintree Payments extension to handle payment transactions via their Braintree account.
Sucuri mentions that hackers who have gained unauthorized access to merchant sites are implanting malware designed to collect credit card information from customers who use the Braintree payment form during checkout. The malware is triggered once a user reaches the payment page and checks the payment form every second to collect information entered into the fields. The information is then exfiltrated to the hacker without the merchant or user knowing.
According to Sucuri, “Roughly every second, the timedMe function checks if the order form has been completed, meaning the customer has entered a credit card number and CVV, and sends the entered data to a remote server. To obtain the form data, the malicious code uses the Braintree gene_braintree_creditcard object which is used for regular credit card payments.”
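For store owners who want to check their own files, the following is an added example (not code from Sucuri or from this post) that flags files combining the two names in the quote above with the polling and sending behaviour it describes. The timer and network patterns, the file suffixes and the sample strings are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Names taken from the Sucuri quote above.
PAGE_NAMES = {
    "timedMe": re.compile(r"\btimedMe\b"),
    "gene_braintree_creditcard": re.compile(r"\bgene_braintree_creditcard\b"),
}
# Behaviours the article describes (polling, sending data out).
# The patterns themselves are assumptions of this example.
BEHAVIOURS = {
    "timer": re.compile(r"\bset(?:Interval|Timeout)\s*\("),
    "network": re.compile(
        r"\bXMLHttpRequest\b|\bfetch\s*\(|\bsendBeacon\s*\(|\bnew\s+Image\b"
        r"|\$\.(?:ajax|post)\s*\("),
}
SCAN_SUFFIXES = {".js", ".phtml", ".html", ".php"}  # assumed file types


def classify(text):
    """Return (verdict, sorted list of matched indicator names)."""
    hits = sorted(n for n, rx in {**PAGE_NAMES, **BEHAVIOURS}.items()
                  if rx.search(text))
    if "gene_braintree_creditcard" in hits and {"timer", "network"} <= set(hits):
        return "suspicious", hits   # touches the payment object, polls, sends
    if "timedMe" in hits:
        return "review", hits       # function name from the report
    return "clean", hits


def scan_tree(root):
    """Classify every candidate file under root; return non-clean results."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            verdict, hits = classify(path.read_text(errors="replace"))
            if verdict != "clean":
                findings[str(path.relative_to(root))] = (verdict, hits)
    return findings


# Constructed samples: token-bearing fragments, not working code.
SAMPLE_EXTENSION = "var form = gene_braintree_creditcard; /* extension's own use */"
SAMPLE_INJECTED = (
    "function timedMe() { /* body elided */ }\n"
    "/* references gene_braintree_creditcard, XMLHttpRequest */\n"
    "setTimeout(timedMe, 1000);\n"
)
```

String matching misses obfuscated copies and can flag legitimate code, so treat the output as a list of files to compare against a known-good copy of the extension rather than as a final answer.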
As always, it’s important for store owners using the Magento platform to follow Magento’s Security Best Practices, a set of guidelines and recommendations for protecting your store from security attacks. If you are a Magento merchant who uses Braintree Payments as your processor and would like more information on what to do next, please contact us at firstname.lastname@example.org.
Read the full article at: Credit Card Stealer Goes After Stores Using the Braintree Magento Extension