Security News > 2020 > September > Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.
Sansec, a software company focused on these so-called "Digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
For $5,000, z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site's files so that the code is run when a customer goes to a payment page on the hijacked site.
The vulnerability isn't easy to patch as the Adobe-owned Magento has ended support for the software.
The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/15/magento_1_exploit_sold_online/
Related news
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)
- Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian Turla hackers hit Starlink-connected devices in Ukraine (source)