Security News > 2022 > February > Wave of MageCart attacks target hundreds of outdated Magento sites
Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them.
Sansec's subsequent investigation unveiled that the attackers abused a known vulnerability in the Quickview plugin to inject rogue Magento admin users that could then run code with the highest privileges.
In practice siphoning payment details using MageCart atttacks is more beneficial to the threat actors; that's why this particular wave of attacks focused on doing precisely that.
No less than 19 backdoors were injected in one case of the NaturalFreshMall Magento mass hack.
Sansec February 9, 2022 Magento 1 is still in use.
Adobe has stopped supporting the Magento 1 branch of the popular e-commerce platform since June 30, 2020, but thousands of sites are still using the outdated software.