A massive automated hacking campaign targeting Magento websites has recently compromised almost 2000 online stores, aiming to steal credit card information.
To the banks that issue debit and credit cards: your customers who love to shop online in the middle of the pandemic are in deeper trouble than ever, because the cybercriminals who use automated sniffing techniques against vulnerable e-commerce stores have become more active.
These kinds of cyber-attacks are called MageCart, and the operators have posed a large enough cyber threat to lead VISA to issue an advisory urging online stores and merchants to move to the more secure version, Magento 2.
Over the last week, a group of cybersecurity researchers discovered the automated credit card skimming campaign, which affected over 1900 Magento stores in four days. The cyber-attack started with 10 infected stores on its first day and involved a new kind of credit card skimming script. The attack built up with 1058 compromised online stores on the second day; another 603 hacked stores were recorded the next day, and 233 on the fourth and last day. With a total of 1904, the cybersecurity community considers this the largest automated Magento hacking incident monitored, with the 1058 stores hacked in a single day beating the record of 962 hacked stores set in July 2019.
The Magento MageCart attack
On further analysis of the automated attack on Magento stores, most of the hacked stores were still using Magento 1, which reached its End of Life in June 2020. Hence, product support and security updates are critical to prevent this kind of attack. Once a store is compromised, the attackers install a PHP web shell called mysql.php, which grants them administrative privileges and full access to the compromised account.
How this kind of attack is conducted is still unknown. Still, it is believed that Magento is being attacked with a zero-day exploit that is being sold on hacking forums on the Dark Web. A threat actor named z3r0day has been found selling these vulnerabilities since mid-August this year, including the two recently patched flaws in Magento 1, sold for $5000. The sale was made to a total of 10 people. We advise that every Magento store be upgraded to Magento 2 for better protection, with an additional layer of anti-malware protection to prevent this kind of credit card skimming attack.