MageCart attacks return to target hundreds of outdated ecommerce sites
Outdated Magento sites attacked all at once
Hundreds of ecommerce websites running an outdated and unsupported platform have been targeted by MageCart credit card skimming attacks.
Researchers from Sansec initially discovered 374 infections that occurred on the same day, with the same malware - although further analysis put the final number of infected websites at over 500.
Sansec said the attackers used the naturalfreshmall.com domain (already defunct) to load the malware onto ecommerce websites running Magento 1, Adobe’s open-source ecommerce platform, written in PHP. Magento 1 reached its end-of-life on June 30, 2020, meaning it no longer receives regular security and usability updates, making it a perfect target for cybercriminals.
Quickview vulnerability abused
The researchers believe the attackers took advantage of a known vulnerability found in the Quickview plugin, which allowed them to create a Magento admin account with the highest privileges.
The next step was to just inject a credit card skimmer, with one of the affected websites seeing the attackers inject 19 different backdoors, probably to test out what works best.
The domain from where threat actors loaded the malware is naturalfreshmall[.]com, currently offline, and the goal of the threat actors was to steal the credit card information of customers on the targeted online stores.
Ecommerce website owners are advised to upgrade their sites to the latest version of Magento to make sure they stay safe from these attacks.
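For store owners who want to check their own pages for references to the loader domain named above, here is an added example (not from Sansec or the original article). It assumes the skimmer is pulled in through a script tag or an inline script that names the domain in plain text; the sample page, its paths and shop.example are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Loader domain reported in the article (written there as naturalfreshmall[.]com).
IOC_DOMAINS = {"naturalfreshmall.com"}

def host_matches(host, domains=IOC_DOMAINS):
    """True if host is an IoC domain or a subdomain of one (no substring matches)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

class ScriptAudit(HTMLParser):
    """Records script tags whose source host, or inline body, names an IoC domain."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []          # list of (kind, matched host or domain)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src")
        if src:
            # Resolve relative and protocol-relative URLs against the page URL.
            host = urlsplit(urljoin(self.base_url, src)).hostname
            if host_matches(host):
                self.findings.append(("external", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            body = data.lower()
            self.findings += [("inline", d) for d in sorted(IOC_DOMAINS) if d in body]

def scan_page(html, base_url):
    audit = ScriptAudit(base_url)
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample page: one benign script, one external load, one inline reference.
SAMPLE = """<html><head>
<script src="/js/prototype.js"></script>
<script src="//cdn.naturalfreshmall.com/image/pixel.js"></script>
<script>var u = "https://NaturalFreshMall.com/c";</script>
</head></html>"""
```

A clean result only means the domain does not appear in plain text; an obfuscated or server-side skimmer would not be caught by this check.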
MageCart is a term used interchangeably between the actual credit card skimming code, and the groups using the code. Cybersecurity researchers have identified “dozens of subgroups” that use these skimmers.
Besides credit card numbers, MageCart attackers are also interested in obtaining shipping addresses, full names of the victims, phone numbers, email addresses, and any and all other information needed to place an order online.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.