Magecart Attack Impacts More Than 10K Online Shoppers

Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information stolen, researchers said.

According to Sansec Threat Intelligence, online stores running Magento versions 1 and 2 are being targeted in a classic Magecart attack pattern, where e-commerce sites are hacked, either via a common vulnerability or stolen credentials. If a compromise is successful, merchant websites are then injected with a web skimmer, which surreptitiously exfiltrates personal and banking information entered by customers during the online checkout process.

The firm’s telemetry picked up “1904 distinct Magento stores with a unique keylogger (skimmer) on the checkout page,” the firm said in a posting on Monday. “On Friday, 10 stores got infected, then 1058 on Saturday, 603 on Sunday and 233 today….Most stores were running Magento version 1, which was announced end-of-life last June. However, some stores were running Magento 2.”

hacks malware vulnerabilities web security e-commerce sites hacked large campaign magecart magento online shoppers payment card skimmer sansec stolen credit cards zero day exploit

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

Experts Weigh in on E-Commerce Security Amid Snowballing Threats. How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. ... But experts are warning retailers not to focus only on one threat or on protecting one particular system.

Account Takeover Fraud Losses Total Billions Across Online Retailers

Account takeover (ATO) attacks are on the rise, and in fact have become a go-to attack of choice cybercriminals of all stripes. In fact, in 2019 alone, ATO attacks cost consumers and e-commerce retailers a whopping $16.9 billion in losses.

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack. The Magecart spinoff group targeted the wireless service provider in an odd choice of victim. Boom! Mobile's U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said.

Claire’s Customers Targeted with Magecart Payment-Card Skimmer

The Magecart group targeted the tween accessories specialist starting the day after it shuttered its retail locations due to coronavirus.

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.