Hackers abuse Magento PayPal integration to test validity of stolen credit cards

guest · Mar 27, 2019

Hackers abuse Magento PayPal integration to test validity of stolen credit cards
Attacks observed targeting online stores running Magento 2.1.x and 2.2.x versions
March 27, 2019
https://www.zdnet.com/article/hacke...tion-to-test-validity-of-stolen-credit-cards/

The technique consists of attackers attempting hundreds of $0 transactions with stolen payment cards to check a card's validity.
The transactions are executed against Magento stores that support the PayPal Payflow Pro integration.

Many stores use it because it allows them to receive payments via PayPal using a checkout form embedded on their sites and without users leaving the store to enter details on the PayPal portal.
ABUSE DETECTED IN THE WILD
According to a security advisory issued by the Magento team and seen by ZDNet, hackers are abusing the PayPal Payflow Pro integration included in Magento 2.1.x and 2.2.x versions to test the validity of stolen cards.
Click to expand...

SAFEGUARDING STORES IS A MUST
The Magento team is now recommending that shop owners look into putting up a web application firewall (WAF) or other anti-brute-force or bot detection systems in place to protect stores against such abuse.

Store owners might think that they're not subject to losing any money, as hackers are merely testing some payment card details, but the reality is not so.
The Magento team warns store owners that PayPal may suspend their accounts after repeated automated operations
Click to expand...

Log in or Sign up

Hackers abuse Magento PayPal integration to test validity of stolen credit cards

guest Guest

Log in or Sign up

Hackers abuse Magento PayPal integration to test validity of stolen credit cards

guest Guest

Useful Searches