Security News > 2023 > June > Online sellers targeted by new information-stealing malware campaign
Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.
The new campaign launched this week, with threat actors sending complaints to online store admins through email and website contact forms.
These emails pretend to be from a customer of an online store who had $550 deducted from their bank account after an alleged order did not properly go through.
Online sellers are a juicy target for threat actors as gaining credentials to the backend of eCommerce sites allows for various attack types.
Once a threat actor gains access to an online store's admin backend, they can inject malicious JavaScript scripts to perform MageCart attacks, which is when the code steals customers' credit cards and personal information of customers during checkout.
To prevent further attacks, You should change your password on all your accounts, especially those associated with your online commerce sites, bank accounts, and email addresses.