Report: Massive Magecart attack affects outdated Magento software

Hackers have reportedly targeted a specific set of e-commerce sites with malware.

According to Bleeping Computer, more than 500 e-commerce sites running the Adobe Magento 1 platform have been infected with a credit card skimmer following a Magecart attack from a single domain, which is currently offline. The malware is designed to intercept and steal credit card information entered by customers, without the knowledge of retailers or buyers.

First rising in prevalence in 2019, Magecart attacks use malicious JavaScript to illegally harvest credit card data from online purchases. Cybercriminals gain access to an e-commerce site and install JavaScript that collects card data and sends it to the attacker each time a customer makes a purchase.

Retailers can use services to scan their sites for new scripts, but attackers can analyze these scans. If a scan looks different enough from a normal site visit, the attacker can work out where it came from and serve the normal site whenever it recognizes that IP address. This allows Magecart attackers to run the malicious script only when a customer makes a purchase.
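One way a retailer can catch the selective serving described above is to compare the scripts a scheduled scanner sees with the scripts real customers' browsers report loading. This is an added example, not from the report; the hostnames, the sample data, the function names and the assumption that the site collects per-session script lists from browsers are constructed for illustration.

```javascript
// Constructed sample data: script URLs seen on a checkout page from two
// vantage points. Hostnames use the reserved .example TLD (placeholders).
const scannerView = [
  "https://shop.example/static/checkout.js",
  "https://cdn.payments.example/sdk/v3.js",
];

// One entry per real customer session (assumption: the site gathers these
// from browser-side reporting; the report does not describe a mechanism).
const customerViews = [
  ["/static/checkout.js", "https://cdn.payments.example/sdk/v3.js"],
  ["/static/checkout.js", "https://cdn.payments.example/sdk/v3.js",
   "https://stats.unknown-host.example/c.js"],
  ["https://shop.example/static/checkout.js?v=2",
   "https://stats.unknown-host.example/c.js"],
];

// Resolve relative URLs against the page and drop the query string so that
// cache-busting parameters do not show up as false differences.
function scriptKey(url, pageUrl) {
  const u = new URL(url, pageUrl);
  return u.origin + u.pathname;
}

// Return scripts that customers' browsers loaded but the scanner never saw,
// with the number of sessions reporting each one, most frequent first.
function findScannerBlindSpots(scannerUrls, sessions, pageUrl) {
  const seenByScanner = new Set(scannerUrls.map((s) => scriptKey(s, pageUrl)));
  const counts = new Map();
  for (const session of sessions) {
    // Count each script at most once per session.
    const keys = new Set(session.map((s) => scriptKey(s, pageUrl)));
    for (const key of keys) {
      if (!seenByScanner.has(key)) counts.set(key, (counts.get(key) || 0) + 1);
    }
  }
  return [...counts.entries()]
    .map(([script, sessionCount]) => ({ script, sessionCount }))
    .sort((a, b) => b.sessionCount - a.sessionCount);
}

console.log(
  findScannerBlindSpots(scannerView, customerViews, "https://shop.example/checkout")
);
```

A script that appears only in customer sessions is not proof of a skimmer, but it is exactly the gap an IP-aware skimmer relies on and is worth reviewing first.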

The current attack on sites using Magento 1 was reportedly discovered by security analysts in late January 2021, after 374 infections of sites using the same malware were discovered in a single day. Although Magecart attacks are typically launched to steal consumer credit card information, this specific virus could also allow hackers to completely take over an infected site.

Adobe stopped supporting Magento 1 in June 2020, but many e-commerce sites still use this version of the platform. E-merchants using Magento are advised to check the version of Magento they are currently using with a digital guide from Adobe.

In a high-profile incident in July 2020, hackers sponsored by the North Korean government reportedly launched an effort to steal customer payment card data from US e-commerce retailers using Magecart attacks. Retailers affected by the hack reportedly included Claire’s, Focus Camera and Paper Source. The hackers also allegedly created a fake Claire’s e-commerce site in an attempt to fraudulently collect consumer payment card data.

“Retail violations are like Willy Wonka’s Everlasting Gobstopper – they never go away,” Source Defense CEO Dan Dinnar said in an exclusive commentary to Chain Store Age. “Client-side attacks like Magecart – digital skimming, formjacking – will only increase given the exponential growth of e-commerce transactions over the past two years.

“This preferred attack vector bypasses the server-side protections that many retailers have in place and takes advantage of the fact that retailers have, on average, a dozen or more 3rd and nth parties running JavaScript on their sites,” said Dinnar. “The compromise of this code should be considered a major area of third-party risk that must be addressed. We’re talking about a hardware risk that could cost retailers tens of millions per incident – and with around 50,000-100,000 sites currently running Magento 1, this disclosure of 500 affected sites may just be the tip of the iceberg.”