Hackers are targeting the Magento 1 platform with Magecart.
Hackers are reportedly targeting a specific set of e-commerce sites with malware.
According to Bleeping Computer, over 500 e-commerce sites running the Adobe Magento 1 system have been infected with a credit card skimmer as a result of a Magecart attack from a single domain, which is currently offline. The malware is designed to intercept and steal credit card information entered by customers, without the retailers or shoppers being aware.
First rising to prevalence in 2019, Magecart attacks use malicious JavaScript to illegally harvest credit card data from e-commerce purchases. Cybercriminals gain access to an e-commerce site and install JavaScript to collect card data and send it to the attacker every time a customer makes a purchase.
Retailers may use services that check their sites for new scripts, but attackers can analyze those checks. If a check looks different enough from a normal site visit, the attacker can work out where it comes from and return the regular site whenever they recognize its IP address. This allows Magecart attackers to run the malicious script only when a customer makes a purchase.
The current attack on sites using Magento 1 was reportedly discovered by security analysts in late January 2021, after 374 site infections using the same malware were found in a single day. Although Magecart attacks are typically launched to steal consumer credit card information, this specific malware reportedly could also allow hackers to completely take over an infected site.
Adobe stopped supporting Magento 1 in June 2020, but many e-commerce sites still run this version of the platform. E-commerce retailers using Magento are advised to check the version of Magento they are currently using with a digital guide from Adobe.
In a high-profile July 2020 incident, hackers sponsored by the government of North Korea reportedly launched an effort to steal payment card data from customers of U.S. e-commerce retailers using Magecart attacks. Retailers affected by the hack reportedly included Claire’s, Focus Camera, and Paper Source. The hackers are also said to have created a fake Claire’s e-commerce site for the purpose of fraudulently collecting consumer payment card data.
“Retail breaches are like Willy Wonka’s Everlasting Gobstopper – they’re never going away,” Dan Dinnar, CEO of Source Defense, said in an exclusive commentary to Chain Store Age. “Client-side attacks like Magecart – digital skimming, formjacking – are only going to increase given the exponential growth in e-commerce transactions over the past two years.
“This favored attack vector bypasses the server-side protections many retailers have in place, and takes advantage of the fact that retailers have, on average, a dozen or more third and Nth parties running JavaScript on their sites,” said Dinnar. “The compromise of this code should be considered a major area of third-party risk that needs to be addressed. We’re talking about material risk that could cost retailers tens of millions per incident – and with an estimated 50,000-100,000 sites currently running Magento 1, this disclosure of 500 impacted sites could just be the tip of the iceberg.”