An estimated 500 eCommerce websites were infiltrated by MageCart attackers, who seemingly installed credit digital card skimmers to lift users’ personal data, including card numbers, email addresses, phone numbers and more.
MageCart is a blanket term to define rival cyber gangs that troll eCommerce sites with the sole purpose of slipping skimmers into unsuspecting sites, which then triggers malicious code, according to Sansec , an eCommerce malware and vulnerability detection firm.
Once the skimmer is in place, visitors entering payment information for a purchase unknowingly send a code that relays the data to the attacker-controlled servers.
See also: Managing Remote FinTech Risk: In Digital Payments We Trust, But Verify Continuously
Sansec discovered the latest slew of infiltrations and said the jeopardized sites had used malicious scripts hosted at the domain naturalfreshmall.com.
“The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form,” Sansec tweeted , adding that all payments were being directed to a naturalfreshmall payment domain. The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form. Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php #masshack — Sansec (@sansecio) January 26, 2022 The hackers made changes to the existing files and/or inserted different files that offered “no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated,” according to Sansec.
“It is essential to eliminate each and every one of them because leaving one in place means that your system will be hit again next week,” per a Sansec article.
The files that were infiltrated were entirely malicious, or part of the Magento code “but had malicious code added to them.”Sansec said regardless of the method, they recommend eCommerce […]
I am a robot. This article is curated from another source (e.g. videos, images, articles, etc.). For the complete article please use the link provided to visit the original source or author. Content from other websites behaves in the exact same way as if the visitor has visited the other website.
Warning: The views and opinions expressed are those of the authors and do not necessarily reflect the official policy or position of MichelPaquin.com.