Hundreds of ecommerce websites running an outdated and unsupported platform have been targeted by MageCart credit card skimming attacks.
Researchers from Sansec initially discovered 374 infections that occured on the same day, with the same malware – although further analysis put the final number of infected websites at over 500.
Sansec said the attackers used the naturalfreshmalll.com domain (already defunct) to load the malware onto ecommerce websites running Magento 1, Adobe’s open-source ecommerce platform, written in PHP. Magento 1 reached its end-of-life on June 30, 2020, meaning it no longer receives regular security and usability updates, making it a perfect target for cybercriminals.
Quickview vulnerability abused
The researchers believe the attackers took advantage of a known vulnerability found in the Quickview plugin, which allowed them to create a Magento admin account with the highest privileges.
The next step was to just inject a credit card skimmer, with one of the affected websites seeing the attackers inject 19 different backdoors, probably to test out what works best.
The domain from where threat actors loaded the malware is naturalfreshmall[.]com, currently offline, and the goal of the threat actors was to steal the credit card information of customers on the targeted online stores.
Ecommerce website owners are advised to upgrade their sites to the latest version of Magento to make sure they stay safe from these attacks.
MageCart is a term used interchangeably between the actual credit card skimming code, and the groups using the code. Cybersecurity researchers have identified “dozens of subgroups” that use these skimmers.
Besides credit card numbers, MageCart attackers are also interested in obtaining shipping addresses, full names of the victims, phone numbers, email addresses, and any and all other information needed to place an order online.
Via: BleepingComputer
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba