PHP is one of the most popular programming languages worldwide. It runs around 80% of websites whose server-side language is known, including content management systems such as Drupal and WordPress. Like any software deployed at that scale, it is a constant target for attackers, and the ecosystem around it has had a busy year.

Outdated PHP versions are the biggest threat

PHP keeps evolving, and each release branch receives security fixes only for a limited time. A site that stays on an outdated version is left running publicly documented bugs that will never be patched.
  • Illustrating the scale of the problem, researchers recently traced more than 80,000 web servers running unpatched versions of PHP, leaving them exposed to a variety of attacks.
  • Known vulnerabilities reported against these unpatched deployments include cross-site scripting (XSS) and SQL injection (SQLi). Both are application-level flaws that also depend on how the site's own PHP code handles untrusted input, so a current interpreter is necessary but not sufficient.
  • These flaws can be exploited to gain unauthorized access to the sites, modify their content, and steal user data.
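The first thing to know about a PHP host is whether its branch still receives fixes. The script below is an added example, not code from the article: it parses the first line of `php -v`, maps the version to its release branch, and reports whether that branch is in active support, in security-fix-only support, or end-of-life. The support table is a snapshot of php.net's supported-versions page taken when the example was written and is an assumption to be refreshed, not a source of truth.

```python
"""Classify a PHP installation against the php.net support calendar.

Added example, not code from the article. The SUPPORT_TABLE below is a
snapshot of https://www.php.net/supported-versions and must be refreshed;
treat its dates as an assumption.
"""
import re
import subprocess
from datetime import date

# Branch -> (end of active support, end of security support).
SUPPORT_TABLE = {
    (7, 4): (date(2021, 11, 28), date(2022, 11, 28)),
    (8, 0): (date(2022, 11, 26), date(2023, 11, 26)),
    (8, 1): (date(2023, 11, 25), date(2025, 12, 31)),
    (8, 2): (date(2024, 12, 31), date(2026, 12, 31)),
    (8, 3): (date(2025, 12, 31), date(2027, 12, 31)),
}

# First line of `php -v` looks like: PHP 7.4.33 (cli) (built: ...) ( NTS )
VERSION_RE = re.compile(r"^PHP (\d+)\.(\d+)\.(\d+)")


def parse_php_version(output):
    """Return (major, minor, patch) parsed from `php -v` output."""
    m = VERSION_RE.match(output.strip())
    if not m:
        raise ValueError("not php -v output: %r" % output[:40])
    return tuple(int(x) for x in m.groups())


def classify(version, today, table=SUPPORT_TABLE):
    """Map a version to 'active', 'security-only', 'end-of-life' or 'unknown'.

    Branches older than anything in the table are end-of-life by definition.
    Branches newer than the table are reported as 'unknown' so that a stale
    table never rates a release it has not heard of as safe.
    """
    branch = version[:2]
    if branch in table:
        active_until, security_until = table[branch]
        if today <= active_until:
            return "active"
        if today <= security_until:
            return "security-only"
        return "end-of-life"
    if branch < min(table):
        return "end-of-life"
    return "unknown"


def check_version_output(output, today_iso):
    """String-in, dict-out wrapper: classify `php -v` output as of an ISO date."""
    version = parse_php_version(output)
    today = date.fromisoformat(today_iso)
    return {
        "version": "%d.%d.%d" % version,
        "branch": "%d.%d" % version[:2],
        "status": classify(version, today),
    }


def check_installed(php_binary="php"):
    """Run the local interpreter (assumed to be on PATH) and classify it as of today."""
    out = subprocess.run([php_binary, "-v"], capture_output=True, text=True, check=True).stdout
    return check_version_output(out, date.today().isoformat())


if __name__ == "__main__":
    try:
        print(check_installed())
    except FileNotFoundError:
        print("php not found on PATH")
```

Run it on each host in a fleet inventory and alert on anything other than "active"; "security-only" is the signal to schedule a branch upgrade before the security window closes, and "unknown" means the table is older than the interpreter and needs refreshing before the result is trusted.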

A potential source of supply chain attacks

The effectiveness of a software supply chain attack depends on how poorly secured the third-party software is, and PHP, as open-source code with a large dependency ecosystem, is no exception. By targeting the development lifecycle of a product rather than the finished product, attackers can gain access, conduct espionage, and sabotage every downstream user at once.
  • In the first week of May, security researchers raised an alarm about a decade-old flaw in Composer, the PHP package manager, that could have put millions of websites at risk.
  • Although there is no evidence that the vulnerability was abused, the popularity of PHP combined with the number of PHP projects that depend on Composer makes a flaw of this kind high-impact, and installations that do not pick up the fix stay exposed.
  • In another incident, attackers compromised a server of the PHP project and pushed two malicious commits, including a backdoor, to the php-src repository.
  • Had the commits reached a release, every site built from the tampered source would have carried the backdoor; they were spotted in code review and reverted before that happened, which is exactly the kind of narrow margin a supply chain attack counts on.

PHP also paves the way for skimming attacks

  • Web skimming keeps evolving: Magecart Group 12 was observed using a PHP web shell to deploy card skimmers.
  • The web shell, known as Smilodon or Megalodon, loads the JavaScript skimming code into online stores dynamically through server-side requests, rather than through the client-side reference to an external script that most skimmer scanners look for.
  • It was disguised as a fake favicon image to keep the skimmer from being detected.

A simple solution

Leaving software unpatched makes one a sitting duck for malicious actors, and the consequences can surface long after the fact. The fix for this particular problem is simple in principle: keep software up to date. For PHP that means running a branch that still receives security fixes, applying its point releases, and updating Composer together with the packages it installs. Hardening the software in this way is definitely worth the hassle.

Cyware Publisher