430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites […]

Magento

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign.

Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites were running Magento 1 version, but in some cases, the compromised stores were running Magento 2. Sansec researchers confirmed that this is the largest automated campaign they have observed to date since 2015

Experts reported that threat actors compromised over 1,000 stores on Saturday, other 600 on Sunday, and over 200 on Monday.

“Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest automated campaign to date. It was a typical Magecart attack: injected malicious code would intercept the payment information of unsuspected store customers.” read the analysis published by the researchers. “Inspected stores were found running Magento version 1, which was announced End-Of-Life last June.”

The previous record was 962 compromised Magento stores in a single day that occurred in July 2019.

In the recent attacks, threat actors planted a software skimmer on the hacked websites that were designed to steal payment data entered by users on the checkout page. Then the attackers were exfiltrating it to a server hosted in Russia.

Sansec researchers speculate that tens of thousands of customers of the online stores had their personal and financial information stolen over the weekend.

Experts believe the crooks might be using a new exploit code for the popular CMS that was offered a few weeks ago on a hacking forum for $5,000 by a Russian seller that goes online with the moniker ‘z3r0day.’ z3r0day declared that he was selling only 10 copies of its exploit.

Magento

The exploit works on online powering the Magento 1 version that still running on 95,000 websites.

“According to live Sansec data, some 95 thousand Magento 1 stores are still operating as of today.” concludes the analysis.

“Official PCI requirements are to use a malware & vulnerability scanner on the server, such as Sansec’s eComscan. Sansec also recommends to subscribe to alternative Magento 1 patch support, such as provided by Mage One.”

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, MAgecart)

[adrotate banner=”5″]

[adrotate banner=”13″]