An analysis of e-commerce websites running Magento software has revealed a dangerous payment-skimming malware that has been stealing thousands from users. The infection was found by Dutch security blogger and researcher Willem de Groot.
How many online stores are affected?
The malware has been named MagentoCore and affects e-commerce sites that use Magento. The skimmer was installed in more than 7,339 online stores in the last six months and has been affecting more than 50 new websites a day.
“The victim list contains multi-million dollar, publicly exchanged companies, which suggests the malware operators make a handsome profit. But the real sufferers are eventually the customers, who have their card and identity stolen,” de Groot said.
How does the malware work?
The malware usually relies on a brute-force attack, trying to guess the password of the Magento Admin panel for months. Once access is gained, it injects a malicious piece of code into the HTML; from then on, all keystrokes from customers on the website are recorded and the data is sent back to the hacker’s main server. This data consists of usernames, passwords, credit card information and personal details.
There is also a recovery mechanism which deletes the code once it has run. De Groot has analyzed more than 220,000 websites, and 4.2% of them were already leaking user data.
4.2% of all Magento stores globally are currently leaking payment and customer data pic.twitter.com/Utw9W3t3Oa
— Willem de Groot (@gwillem) August 27, 2018
On his blog, de Groot suggests that any business that finds itself affected follow some key steps, including finding out how the malware got into the operation in the first place and closing all points of entry immediately.
“Analyse backend access logs, correlate with staff IPs and typical working hours. If suspicious activity is recorded from staff IPs, it could be that a staff computer is infected with malware, or that the attacker has hijacked an authorised session,” de Groot said.
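The log review de Groot describes, sketched as an added example (not code from this article or from de Groot's blog): it flags admin-panel requests that come from non-staff IPs, or from staff IPs outside working hours. The staff network, working hours, `/admin` path and log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions, not from the article: adjust to your own environment.
STAFF_NETS = [ip_network("203.0.113.0/28")]  # hypothetical office range
WORK_DAYS = range(0, 5)                      # Monday-Friday
WORK_HOURS = range(8, 19)                    # 08:00-18:59 in the log's timezone
ADMIN_PREFIX = "/admin"                      # Magento's admin path is configurable

# Apache/nginx "combined" access log format
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, timestamp, reason) for a suspicious admin request, else None."""
    m = LINE_RE.match(line)
    if not m or not m["path"].startswith(ADMIN_PREFIX):
        return None
    try:
        ip = ip_address(m["ip"])
    except ValueError:  # hostname logged instead of an address
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    if not any(ip in net for net in STAFF_NETS):
        return (str(ip), ts, "non-staff IP")
    if ts.weekday() not in WORK_DAYS or ts.hour not in WORK_HOURS:
        # Possible infected staff machine or hijacked authorised session
        return (str(ip), ts, "staff IP outside working hours")
    return None

def review(lines):
    """Classify every line and keep only the suspicious admin requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges)
SAMPLE = [
    '203.0.113.5 - - [27/Aug/2018:10:15:02 +0200] "POST /admin/dashboard/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [27/Aug/2018:10:16:40 +0200] "POST /admin/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [26/Aug/2018:03:12:09 +0200] "GET /admin/cms_block/ HTTP/1.1" 200 9911 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [27/Aug/2018:10:17:00 +0200] "GET /checkout/cart/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, reason in review(SAMPLE):
        print(ts.isoformat(), ip, reason)
```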
Latest posts by Harikrishna Mekala (see all)