Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000
2020-09-15 13:29

Thousands of e-commerce stores built using Magento 1 have been poisoned with malicious code that steals customers' bank card information as they enter their details to order stuff online.

Sansec, a software company focused on these so-called "digital skimming" attacks, discovered that 1,904 cyber-shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off folks' card info.

For $5,000, a seller going by the name z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site's files, so that the code runs when a customer goes to a payment page on the hijacked site.

The vulnerability isn't easy to patch as the Adobe-owned Magento has ended support for the software.

The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/09/15/magento_1_exploit_sold_online/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Magento 3 4 103 65 27 199