News

Magecart attack steals personal data from Magento 1 stores

Tuesday 15 September 2020 12:38 CET | News

An automated Magecart campaign against 2,000 Magento stores has compromised the private information of thousands of customers.

According to SC Media, many of the attacked stores had no prior history of security incidents, suggesting that a new attack method was used to gain server access to all these stores. Sansec researchers are the ones that discovered the hacks and stated that the incidents are still under investigations. 

However, it appears that the campaign could have been related to a recent Magento 1 zero-day exploit that was put up for sale weeks before the incident. Magento 1.0 sites remain an attractive target for hackers looking to steal logins, personal data, and financial data, because this version no longer receives software updates as of June 2020, leaving sites exposed to zero-day vulnerabilities.

Furthermore, Sansec revealed that the attackers used the IPs 92.242.62.210 (US) and 91.121.94.121 (OVH, FR) to interact with the Magento admin panel and used the Magento Connect feature to download and install various files, including a malware called mysql.php. Afterwards, the file was automatically deleted as the malicious code had been added to prototype.js.


More: Link


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Magecart, Magento, private information, security incidents, hack, hackers, zero-day vulnerability, malware
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: World
This article is part of category

Securing Transactions