Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.
Sansec, a software company focused on these so-called "digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
For $5,000, the seller, who goes by z3r0day, will show you a video on how to exploit a security hole in the Magento 1 software to inject the digital-skimming code into an e-commerce site's files, so that the code runs when a customer goes to a payment page on the hijacked site.
The vulnerability isn't easy to patch as the Adobe-owned Magento has ended support for the software.
The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/15/magento_1_exploit_sold_online/