MagentoCore Most Prolific Skimmer Campaign

Online retailers and consumers alike need to heed caution when making credit card purchases. Magento, a global e-commerce platform has been targeted by a single group planting skimmers on individual stores, according to security researcher William de Groot.

In the past six months, 7,339 individual stores have fallen victim to the online skimming campaign in which the identity and credit card information of consumers is stolen while they shop, making the MagentoCore skimmer the most successful to date, said de Groot.

“No campaign has been so prolific as the MagentoCore.net skimmer," he said. "The MagentoCore skimmers gain illicit access to the control panel of an e-commerce site, often with brute force techniques (automatically trying lots of passwords, sometimes for months). Once they succeed, an embedded piece of JavaScript is added to the HTML template."

While most of the affected merchants have recovered in just a few weeks, the malware has found a home for a full six months in 1,450 stores.

According to Magento's website, 51 million customers around the globe have made purchases from Magneto merchants. With 260,000 merchants reportedly using the Magneto platform, the hacker group continues to target new brands, successfully hijacking between 50 to 60 stores per day over the last two weeks.

Given that Magento is an open source platform, it is an optimal target of bad actors. “This latest attack was likely carried out through password guessing and exploited vulnerabilities in Magento servers that allowed hackers to take over vulnerable websites and create a malware backdoor to periodically inject malicious script,” said Devon Merchant, digital security and operations manager of The Media Trust.

“The vulnerabilities might lie in the web application source code, enabling bad actors to manipulate the code and inject rogue script into the HTML template. The script then logs keystrokes and sends them to a command-and-control server.”

E-commerce stores that use the platform are advised to take a more proactive approach to securing their sites. “Given the sophistication of malicious campaigns, they should work closely with their third-party code providers on cleaning up their digital ecosystem. Moreover, they should continuously scan these sites for any unauthorized actors and activities,” Merchant said.

What’s Hot on Infosecurity Magazine?