You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Breaches and Incidents
- Magecart attackers compromise over 80 eCommerce sites

Magecart attackers compromise over 80 eCommerce sites
Magecart attackers compromise over 80 eCommerce sites- August 29, 2019
- |
- Breaches and Incidents
/https://cystory-images.s3.amazonaws.com/shutterstock_313339853.jpg)
- All of the compromised e-commerce websites are running an outdated version of Magento such as v1.5, v1.7, or v1.9.
- 25% of these compromised websites are large brands in the motorsports industry and luxury retail.
What’s the matter?
Security researchers from Aite Group and Arxan Technologies have discovered that Magecart attackers have compromised over 80 eCommerce websites.
A brief overview
Researchers from Aite Group analyzed e-commerce websites and within 2.5 hours of research they found out at least 80 e-commerce sites that were compromised by Magecart attackers.
The research revealed that 100% of the analyzed eCommerce websites were not protected and were vulnerable to digital card skimming and formjacking attacks.
Researchers reported their findings to federal law enforcement and are notifying all the impacted e-commerce organizations. The compromised e-commerce sites belong to various countries such as the United States, Canada, Europe, Latin America, and Asia. However, the names of the victim sites were not revealed.
“To conduct this research, Aite Group used a source code search engine that scoured the web for obfuscated JavaScript that was found in repeating patterns of previously published Magecart breaches on pastebin.com.” read the report.
Key findings
- All of the compromised e-commerce websites are running an outdated version of Magento such as v1.5, v1.7, or v1.9 that are vulnerable to arbitrary file upload, remote code execution, and cross-site request forgery vulnerabilities.
- 25% of these compromised websites are large brands in the motorsports industry and luxury retail.
- All of these compromised sites failed to use in-app protection such as code obfuscation and tamper detection.
- All the eCommerce sites were not compromised by a single group of Magecart attackers.
- Apart from selling the stolen payment card data on the dark web forums, the attackers also purchase merchandise on legitimate online shopping sites with the stolen payment card data and reship them to pre-selected merchandise mules.
“The attacker has the purchased items shipped to their merchandise mules. To recruit merchandise mules, the attacker posts jobs that offer people the ability to work from home and earn large sums of money to receive and reship merchandise purchased with the stolen credit card numbers,” wrote the researchers in the report.
Recommendations
- Researchers have recommended the e-commerce websites to update or patch their platform software to the latest version as soon as possible.
- They have suggested e-commerce sites to implement code obfuscation and white-box cryptography to make the web forms unreadable.
- Online shoppers are also advised to periodically review their payment card details and bank statements for any suspicious activity.
- + Aware
Get such articles in your inbox
News
-
Previous News Cisco patches critical vulnerability in Virtual Service Container for IOS XE
- August 29, 2019
- |
- Malware and Vulnerabilities
-
Next News First half of 2019 belonged to WannaCry and other five other ransomware variants
- August 28, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Cisco patches critical vulnerability in Virtual Service Container for IOS XE
- August 29, 2019
- |
- Malware and Vulnerabilities
-
Next News First half of 2019 belonged to WannaCry and other five other ransomware variants
- August 28, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
Categories
