Over 500 Magento sites hacked in payment skimmer attack

Sansec researchers have urged website owners to stop using Magento 1 because Adobe has not released security updates for the platform since June 2020.

E-commerce security firm Sansec has identified that hundreds of thousands of online stores running the Magento 1 e-commerce platform were targeted with a web skimmer. The attack was noted late last month after the firm's crawler identified around 374 infections on a single day. In all the attacks, the same malware was used.

Details of the Campaign

According to Sansec, this attack stands out because the attackers used a combination of PHP object injection and SQL injection, which helped them take control of the Magento store. The attacks were launched via a single domain, naturalfreshmall(.)com, from where the credit card skimmer was loaded on all of them. The domain is currently offline.
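A defender-side check for the loading pattern described above, as an added example that is not from Sansec or the original article: it lists the hosts a store page loads scripts from and flags the domain named above, including subdomains and mixed-case spellings. The sample HTML, the `shop.example` and `cdn.shop-assets.example` hosts, the script paths and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator kept defanged as the article prints it; refanged only in memory.
SKIMMER_DOMAINS = {"naturalfreshmall(.)com".replace("(.)", ".")}

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def script_host(src, page_host):
    """Host a script loads from; relative URLs resolve to the page's own host."""
    host = urlparse(src).hostname  # handles https://, protocol-relative //, lower-cases
    return (host or page_host).lower().rstrip(".")

def matches(host, domains):
    """True for an exact domain or any subdomain, but not for lookalike suffixes."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_page(html, page_host, allowed_hosts=()):
    """Return (finding, src) pairs for scripts that need review."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = script_host(src, page_host)
        if matches(host, SKIMMER_DOMAINS):
            findings.append(("known-skimmer-domain", src))
        elif host != page_host.lower() and not matches(host, set(allowed_hosts)):
            findings.append(("unlisted-third-party", src))
    return findings

BAD = next(iter(SKIMMER_DOMAINS))
# Constructed checkout page: the paths and the non-skimmer hosts are made up.
SAMPLE_CHECKOUT_HTML = f"""<html><head>
<script src="/js/prototype.js"></script>
<script src="//cdn.shop-assets.example/lib/jquery.min.js"></script>
<script src="https://{BAD.upper()}/constructed.js"></script>
<script src="https://stats.{BAD}/constructed.js"></script>
<script src="https://widgets.unknown.example/chat.js"></script>
<script>var inline = 1;</script>
</head></html>"""
```

This only covers skimmers pulled in through a `src` attribute, which is the pattern the article describes; injected inline code needs a separate integrity check of the page templates.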

Sansec researchers believe that the objective behind this campaign is to steal the credit card details of customers of the hacked online stores. It is worth noting that Magento stores are frequent targets of web skimmer attacks. In 2018, over 1,000 Magento sites were hacked with cryptominers and credential-stealing malware.

In September 2020, an attack researchers identified the “largest-ever attack against Magento

Read More: https://www.hackread.com/500-magento-sites-hacked-payment-skimmer-attack/