Security News > 2023 > June > Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information and credit card data from e-commerce websites.
"Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager," Akamai security researcher Roman Lvovsky said.
The idea, in a nutshell, is to breach vulnerable legitimate sites and use them to host web skimmer code, thereby leveraging the good reputation of the genuine domains to their advantage.
"Rather than using the attackers' own C2 server to host malicious code, which may be flagged as a malicious domain, attackers hack into a vulnerable, legitimate site, such as a small or medium-sized retail website, and stash their code within it," Akamai noted.
"This attack included the exploitation of Magento, WooCommerce, WordPress, and Shopify, demonstrating the growing variety of vulnerabilities and abusable digital commerce platforms," Lvovsky said.
Another trick employed is the JavaScript code snippets function as loaders to fetch the full attack code from the host victim website, thereby minimizing the footprint and likelihood of detection.
News URL
https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html
Related news
- Companies mentioned on the dark web at higher risk for cyber attacks (source)
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- SolarWinds Web Help Desk flaw is now exploited in attacks (source)