FBI FLASH – Cyber Actors Scrape Credit Card Data from US Business’ Online Checkout Page and Maintain Persistence by Injecting Malicious PHP Code

The FBI has published a TLP:WHITE FLASH warning that cyber actors are scraping credit card data from U.S. business’ online checkout page and maintaining persistence on victims’ devices by injecting malicious php code. The FLASH indicates that since January of this year, unknown threat actors have stolen credit card data from an online U.S. business and sent the scraped data to an adversary-controlled server that spoofed a legitimate card processing server. According to the FBI, the “cyber actors also established backdoor access to the victim’s system by modifying two files within the checkout page.” The FLASH includes further technical details regarding this activity, including indicators of compromise, and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov. Access the FLASH at IC3.