What is the Issue?
Security researchers have discovered that a massive hacking campaign is targeting the ecommerce platform Magento. Hackers are infecting stores that use the platform with a skimmer script in the source code, dubbed MagentoCore that siphon’s payment card data from users who purchased on the sites.
Why is this noteworthy?
Experts have found that the MagentoCore script has infected 7,339 stores in the past six months, the campaign is still ongoing and hackers are compromising new stores at a pace of 50 to 60 sites per day. The stolen credit data has been discovered on the dark web listed for sale.
What is the exposure or risk?
All stores using the Magento Ecommerce Platform are at risk of being infected. Once infected the script records keystrokes of customers and sends them to a “magentocore.net” server. Infected websites can lead to the loss of customer’s sensitive data.
What are the recommendations?
SKOUT recommends users only purchase goods on reputable sites that use HTTPS and validate companies are safe with research. Update passwords regularly and keep a close eye on bank credit card statements.
References:
- https://securityaffairs.co/wordpress/75812/hacking/magentocore-campaign.html
- https://www.sitelock.com/blog/2017/08/magento-infection-stolen-credit-card-data/
If you have any questions, please contact our Security Operations Center.
