One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information stolen, researchers said.

According to Sansec Threat Intelligence, online stores running Magento versions 1 and 2 are being targeted in a classic Magecart attack pattern, where e-commerce sites are hacked, either via a common vulnerability or stolen credentials. If a compromise is successful, merchant websites are then injected with a web skimmer, which surreptitiously exfiltrates personal and banking information entered by customers during the online checkout process.

The firm’s telemetry picked up “1904 distinct Magento stores with a unique keylogger (skimmer) on the checkout page,” the firm said in a posting on Monday. “On Friday, 10 stores got infected, then 1058 on Saturday, 603 on Sunday and 233 today….Most stores were running Magento version 1, which was announced end-of-life last June. However, some stores were running Magento 2.”

#hacks #malware #vulnerabilities #web security #e-commerce sites #hacked #large campaign #magecart #magento #online shoppers #payment card skimmer #sansec #stolen credit cards #zero day exploit