Security News > 2020 > September > Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000
Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.
Sansec, a software company focused on these so-called "Digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.
For $5,000, z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site's files so that the code is run when a customer goes to a payment page on the hijacked site.
The vulnerability isn't easy to patch as the Adobe-owned Magento has ended support for the software.
The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/09/15/magento_1_exploit_sold_online/
Related news
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- France ties Russian APT28 hackers to 12 cyberattacks on French orgs (source)
- Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware (source)
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Russian hackers breach orgs to track aid routes to Ukraine (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)