Magecart Attack Impacts More Than 10K Online Shoppers

2020-09-14 16:01

According to Sansec Threat Intelligence, online stores running Magento versions 1 and 2 are being targeted in a classic Magecart attack pattern, where e-commerce sites are hacked, either via a common vulnerability or stolen credentials.

"On Friday, 10 stores got infected, then 1058 on Saturday, 603 on Sunday and 233 today.Most stores were running Magento version 1, which was announced end-of-life last June. However, some stores were running Magento 2.".

Sansec's forensic investigation showed that on Magento 1 stores, a skimmer was injected into the file "Prototype.js," which is part of a standard Magento installation.

For the affected Magento 2 stores, a skimmer was found in a jquery.

"Attacker(s) used the U.S.-based IP 92.242.62.210 to interact with the Magento admin panel, and used the 'Magento Connect' feature to download and install various files, including a malware called mysql.php. This file was automatically deleted after the malicious code was added to prototype.js."

News URL

https://threatpost.com/magecart-campaign-10k-online-shoppers/159216/

#attack #magecart #online