Criminal Hackers Exploit Magento Online Shops To Check Stolen Payment Cards

Cybercriminals have found a new way to exploit stolen payment cards. Allegedly, they now abuse the payment systems of Magento online shops to check whether stolen debit/credit cards are valid. This affects all Magento online stores supporting PayPal integration.

Magento Online Shops Under Attack

Hacker groups are exploiting Magento online shops to check the validity of payment cards. The attack is ongoing as a massive in-the-wild campaign targeting online stores.

Allegedly, the fraudsters abuse a feature of Magento online stores to check whether stolen debit and credit cards are still valid. Specifically, this affects online sites supporting PayPal Payflow Pro integration – a feature employed by online stores for smooth payments from PayPal accounts.

The campaign was noticed after multiple attempted $0 transactions with stolen payment cards were observed against Magento stores. As stated by ZDNet,

“Crooks aren’t using the stolen cards to place orders for real products, but merely initiating a $0-sized transaction and see if it returns any errors – and indirectly confirm that the card details are valid.”

The Magento team confirmed the campaign, highlighting that it specifically targets the PayPal integration feature in Magento 2.1.x and 2.2.x versions. Regarding Magento 2.3.x versions, Magento has not noticed any active exploits yet. However, they do not rule out that these versions are also vulnerable to this campaign.

What You Should Do

For now, Magento recommends that all users, especially store owners, employ robust security measures to protect their online shops. They advise using a WAF, bot detection systems, and anti-brute-force measures to prevent abuse.

They also warn store owners that their PayPal accounts may be suspended owing to recurrent automated operations. Store owners may therefore want to contact PayPal to learn about any active security measures that help avoid this.
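One way a store owner could spot the $0 card-checking pattern described above in their own payment logs, shown as an added example that is not code from Magento, PayPal or the original article. The log format (timestamp, client IP, amount, card fingerprint, gateway result), the sample lines and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (NOT a real Magento or Payflow Pro log format):
# timestamp  client_ip  amount  card_fingerprint (a token, never the PAN)  result
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 0.00 fp01 DECLINED
2024-01-01T10:00:05 203.0.113.7 0.00 fp02 DECLINED
2024-01-01T10:00:09 198.51.100.20 49.90 fp90 APPROVED
2024-01-01T10:00:12 203.0.113.7 0.00 fp03 APPROVED
2024-01-01T10:00:20 203.0.113.7 0.00 fp04 DECLINED
2024-01-01T10:00:31 192.0.2.44 0.00 fp50 DECLINED
2024-01-01T10:00:40 192.0.2.44 0.00 fp50 DECLINED
2024-01-01T10:10:00 192.0.2.44 0.00 fp51 APPROVED
2024-01-01T10:20:00 192.0.2.44 0.00 fp52 APPROVED
2024-01-01T10:30:00 192.0.2.44 0.00 fp53 APPROVED
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, ip, amount, card_fp, result = line.split()
    return datetime.fromisoformat(ts), ip, float(amount), card_fp, result

def find_card_testing(lines, window=timedelta(minutes=5), max_cards=3):
    """Return {ip: time of first alert} for clients that send zero-amount
    authorizations for more than max_cards distinct cards within window."""
    recent = defaultdict(deque)  # ip -> (timestamp, card_fp) inside the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, amount, card_fp, _result = parse(line)
        if amount != 0:
            continue  # real purchases are not part of this pattern
        attempts = recent[ip]
        attempts.append((ts, card_fp))
        # Drop attempts that have fallen out of the sliding window.
        while ts - attempts[0][0] > window:
            attempts.popleft()
        distinct_cards = {fp for _, fp in attempts}
        # A customer retrying one card stays at 1; many cards is the signal.
        if len(distinct_cards) > max_cards and ip not in alerts:
            alerts[ip] = ts
    return alerts

if __name__ == "__main__":
    for ip, when in find_card_testing(SAMPLE_LOG.splitlines()).items():
        print(f"possible card testing from {ip}, first flagged at {when}")
```

Counting distinct cards rather than raw attempts keeps a customer who retries a single card from being flagged; the same counter can feed a rate limit or WAF block rule.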


Abeerah Hashim
