Stripe API Vulnerability Exploited by Magecart

A recent Magecart campaign has started using Stripe’s API infrastructure to expose public credit card information. Magecart is a criminal network that diversifies and seeks new ways to exploit the security of web sites.
As usual, this new ransomware mode unfolds across the entire site-to-site web domain. In this new approach, the hackers use Stripe's API to host the payload. The exfiltrated data includes the client’s IP address, SSL key (which enables secure transmission), and the domain used for the transaction.
Once these details are registered on Stripe’s infrastructure, the hackers can carry out remote attacks. For example, they can expose credit card information without authorization or even steal an SSL key, which would allow them to create a completely personalized payment panel.
This is the first time that hackers have used Stripe's API infrastructure to host the payload. They also used other services like PayPal and Venmo, but failed to obtain more detailed or accurate data.
This ransomware mode is a new approach showing that criminals truly believe in web site security. This is a strong signal for service providers and web developers who must be more vigilant on system security and their API infrastructure.
Do not forget:
- Magecart: A criminal network that is diversifying.
- Stripe: The API infrastructure used by Magecart to host the payload.
- Credit Cards: Exposed on web sites.
- Payment: Secure transactions via SSL.

