Security News > 2020 > December > Stealthy Magecart malware mistakenly leaks list of hacked stores
A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan on compromised e-commerce sites.
Researchers at Sansec, a security company focused on protecting e-commerce stores from web skimming attacks, said that the malware was delivered in the form of a 64-bit ELF executable with the help of a PHP-based malware dropper.
Despite the quite advanced RAT malware they used as a backdoor into hacked e-commerce servers, the Magecart group also made one rookie mistake by including a list of hacked online stores within their dropper's code.
Sansec hijacked the attackers' RAT dropper and found that it also contained a list of 41 compromised stores besides the usual malicious code used to parse deployment setups for several Magecart scripts.
Sansec has also reached out to the online stores included in the Magecart malware dropper's code to let them know that their servers have been infiltrated.