
A wave of Magecart attacks detected for the start of the school year

With the start of the school year, government and business firmly believe in the long-awaited economic recovery, and so do cybercriminals. Sansec, a company specializing in protection against Magecart attacks, announced yesterday that it had detected a large-scale automated attack campaign over the weekend. “Sansec’s Attack Detection System, which monitors threats on e-commerce sites, detected 1,904 separate Magento stores with a malicious script (skimmer) on the checkout page. On Friday, 10 stores were infected, then 1,058 on Saturday, 603 on Sunday and 233 on Monday,” the authors of the report detail.

This campaign, “automated” according to Sansec, mainly targets e-commerce stores relying on Magento 1, but the researchers note that a few affected stores were using Magento 2. This is the largest attack campaign identified by Sansec since a previous wave that affected just under 1,000 sites in a single day in July 2019.

The attackers aimed to install “skimming” scripts on the targeted sites: malicious scripts capable of recording a user's keystrokes as they enter their credit card code in a payment form. These techniques, known as Magecart attacks, are particularly popular with cybercriminals and difficult to detect for both the victimized sites and their users.

Return of filth

Willem de Groot, researcher and founder of Sansec, details on his company’s blog how one of the attacks identified this weekend unfolded: once the server hosting the site is compromised, the attackers install malware in a file named mysql.php. This file is then used to install a malicious JavaScript script before being wiped from the server. The script, loaded from a third-party site, is a keystroke-stealing script that only activates when loaded from a payment form.
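A defensive check that follows from the attack flow described above, added here as an example and not taken from Sansec's report: it lists every external script host referenced by a checkout page and flags any host outside an allowlist. The function names, the sample HTML and all hostnames are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample of a checkout page; all hosts are placeholders.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://pay.example-psp.test/sdk.js"></script>
<script src="//static.unknown-cdn.test/lib.js"></script>
<script>var inlineConfig = {step: "payment"};</script>
</head><body><form id="payment-form"></form></body></html>
"""

class _ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())

def unexpected_script_hosts(html, page_url, allowed_hosts):
    """Return (host, url) for each external script whose host is not allowed."""
    collector = _ScriptCollector()
    collector.feed(html)
    allowed = {h.lower() for h in allowed_hosts}
    allowed.add(urlsplit(page_url).hostname)  # first-party scripts are expected
    findings = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        host = urlsplit(absolute).hostname  # urlsplit lowercases the hostname
        if host and host not in allowed:
            findings.append((host, absolute))
    return findings

if __name__ == "__main__":
    for host, url in unexpected_script_hosts(
        SAMPLE_CHECKOUT_HTML,
        "https://shop.example.test/checkout/",
        {"pay.example-psp.test"},
    ):
        print(f"unexpected script host {host}: {url}")
```

This only covers scripts loaded by URL; code injected inline or into first-party files needs a separate integrity check of the served content.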

According to Sansec, the attack vector exploited in this campaign could be a 0-day flaw recently put up for sale on illegal marketplaces by a user known as z3r0day. This security flaw would affect Magento 1, a version of the e-commerce software that has not been officially supported by its publisher, Adobe, since June 2020. The vulnerability would therefore not receive a patch from the publisher.

Sansec estimates the number of stores running Magento 1 at just over 90,000 online today, a significant number of potential targets for attackers.


