New malware is targeting e-commerce platforms in the U.S., Germany, and France. The malware attacks Nginx servers to conceal its identity and go undetected by security solutions.
“This novel code injects itself into a host Nginx application and is nearly invisible,” the Sansec Threat Research team said in a new report. “The parasite is used to steal data from eCommerce servers, also known as ‘server-side Magecart.’”
Nginx, a free and open-source web server, can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. NginRAT, the advanced malware, hijacks a host Nginx application to plant itself in the web server.
The remote access trojan is delivered by CronRAT. CronRAT, another piece of malware reported by a Dutch cybersecurity firm, embeds malicious payloads in cron jobs.
“Skimmer groups are growing rapidly and targeting various e-commerce platforms using a variety of ways to remain undetected,” Zscaler researchers noted in an analysis of the latest Magecart trends published earlier this year.
“The latest techniques include compromising vulnerable versions of e-commerce platforms, hosting skimmer scripts on CDNs and cloud services, and using newly registered domains (NRDs) lexically close to any legitimate web service or specific e-commerce store to host malicious skimmer scripts.”