Hackers Abuse Magento PayPal Integration to Test Validity of Stolen Credit Cards (Mar 27, 2019)
Threat actors have been observed exploiting a feature of the Magento-supported PayPal "Payflow Pro" integration, which is used in online stores, to test the validity of stolen payment card numbers. They test the cards by attempting numerous transactions of $0 USD to see whether the transactions are approved. This has been exploited in the wild, and affects stores using the PayPal Payflow Pro integration in Magento versions 2.1.x and 2.2.x.
Recommendation: Both versions of the Magento CMS, the self-hosted open source version and the on-premise commercial Magento version, are vulnerable to this. Website owners should implement a web application firewall (WAF) or other anti-brute-force or bot detection systems on their sites to protect against exploitation such as this. It is also suggested that shop owners contact PayPal for more information on the anti-fraud security measures that can be employed on PayPal business accounts to prevent accounts from being locked and suspended following repeated automated operations.
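As an illustration of the anti-brute-force detection recommended above, the following added example (not part of the original briefing, and not Magento or PayPal code) flags sources that submit $0 transactions for many different cards within a short window. The log schema, field order, thresholds and sample records are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (hypothetical schema, not Magento or PayPal output):
# timestamp, source IP, amount in USD, opaque card token, gateway result.
SAMPLE_LOG = """\
2019-03-27T10:00:01 203.0.113.7 0.00 card_a declined
2019-03-27T10:00:03 203.0.113.7 0.00 card_b declined
2019-03-27T10:00:05 203.0.113.7 0.00 card_c approved
2019-03-27T10:00:08 203.0.113.7 0.00 card_d declined
2019-03-27T10:00:11 203.0.113.7 0.00 card_e approved
2019-03-27T10:02:00 198.51.100.20 49.99 card_x approved
2019-03-27T10:03:00 198.51.100.20 0.00 card_x approved
2019-03-27T10:30:00 192.0.2.44 0.00 card_m declined
2019-03-27T11:45:00 192.0.2.44 0.00 card_n declined
"""

def parse(line):
    ts, ip, amount, card, result = line.split()
    return datetime.fromisoformat(ts), ip, float(amount), card, result

def find_card_testing(log_text, window=timedelta(minutes=5), min_cards=4):
    """Return {ip: highest count of distinct cards used in $0 attempts
    inside any sliding window} for sources that reach min_cards."""
    recent = defaultdict(deque)  # ip -> (timestamp, card) of recent $0 attempts
    flagged = {}
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, ip, amount, card, _result in events:
        if amount != 0.0:
            continue  # only zero-value transactions matter for this check
        q = recent[ip]
        q.append((ts, card))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop attempts that fell out of the window
        distinct = len({c for _, c in q})
        if distinct >= min_cards:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, n in find_card_testing(SAMPLE_LOG).items():
        print(f"{ip}: {n} distinct cards in $0 attempts within the window")
```

Counting distinct cards rather than raw requests keeps a single customer retrying one card from being flagged; the window and threshold need tuning against a store's normal traffic.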
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.