Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.
Sansec, a software company focused on these so-called "digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
For $5,000, z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site's files so that the code is run when a customer goes to a payment page on the hijacked site.
The vulnerability isn't easy to patch as the Adobe-owned Magento has ended support for the software.
The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/15/magento_1_exploit_sold_online/