答案已發布上週Last edited 5 天前23 來源

Magecart 黑客將 Stripe 變成完美偽裝嘅網絡攻擊指揮中心

由 Sansec 發現嘅新 Magecart 攻擊，利用 Stripe 測試模式 API 寄存盜竊程式碼同儲存被盜嘅信用卡資料，將成個攻擊隱藏喺網店必定會信任嘅支付域名背後，全程唔使掂任何惡意伺服器 [17][15]。成個攻擊鏈完全經 googletagmanager.com 同 api.stripe.com 傳送數據，由載入惡意程式、偷卡到外傳資料，都扮到同正常支付流量一模一樣 [17]。

使用 Studio Global AI 搜尋並查核事實瀏覽更多熱門頁面

415K0

Conceptual illustration of the Stripe Magecart skimmer attack showing trusted domains like Google Tag Manager and api.stripe.com used to inject and exfiltrate data from a checkout — What is the newly discovered Magecart campaign that exploits Stripe's infrastructure as a command-and-control server and data exfiltration pThe skimmer never loads from a malicious domain. The loader, the payload, and the stolen cards all move through googletagmanager.com and api.stripe.com. Image: OpenAI / Studio Global.
AI 提示
Create a landscape editorial hero image for this Studio Global article: What is the newly discovered Magecart campaign that exploits Stripe's infrastructure as a command-and-control server and data exfiltration p. Article summary: Below is a detailed breakdown of both active threats.. Topic tags: general, government, general web, documentation, user generated. Reference image context from search candidates: Reference image 1: visual subject "Cybersecurity researchers at Silent Push Preemptive Cyber Defense have uncovered an extensive and sophisticated web-skimming campaign that has been actively stealing credit card da" source context "New Magecart Campaign Steals Credit Card Details During Online Checkouts" Reference image 2: visual subject "* Silent Push Preemptive Cyber Defense Analysts recently uncovered an extensive network of domains associated with a long-term, ongoing web-skimmer
openai.com

網絡保安公司 Sansec 同 BleepingComputer 喺 2026 年 6 月揭露咗一波好狡猾嘅 Magecart 攻擊浪潮。黑客今次直頭利用 Stripe 自己嘅基礎設施，將佢變成即用即棄嘅指揮控制平台同資料外傳管道。成個攻擊最陰濕嘅地方係，由頭到尾都無載入過任何惡意域名嘅程式碼，所有嘢——包括載入器、盜竊程式碼、同偷返嚟嘅支付資料——全部都經 googletagmanager.com 同 api.stripe.com 呢兩個域名傳送。呢兩個域名對現代電商嚟講，幾乎係「必須信任」嘅級別，莫講話封鎖，連認真檢查都唔會。同一時間，WordPress 插件 Everest Forms Pro 爆出一個編號 CVE-2026-3300 嘅高危漏洞，正被黑客大規模利用嚟全面接管網站，情況一樣咁危急。

拆解 Stripe Magecart 攻擊嘅三段式佈局

呢次攻擊將三個階段串連起嚟，每一階段都濫用一個正當服務嚟避開偵測，心思非常縝密。

Studio Global AI

Search, cite, and publish your own answer

Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.

使用 Studio Global AI 搜尋並查核事實

人們還問