Sansec researchers have urged website owners to stop using Magento 1, because Adobe has not released security updates for the platform since June 2020.
eCommerce security firm Sansec has identified that hundreds of thousands of online stores running the Magento 1 e-commerce platform were targeted with a web skimmer. The attack was noted late last month, after Sansec's crawler identified around 374 infections on a single day. The same malware was used in all the attacks.
Details of the Campaign
According to Sansec, this attack stands out because the attackers used a combination of PHP object injection and SQL injection, which helped them control the Magento store. The attacks were launched via a single domain, naturalfreshmall(.)com, from which the credit card skimmer was loaded on all of the stores. The domain is currently offline.
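For store owners who want to check their own rendered pages or stored templates for references to the domain named above, here is an added Python example (not Sansec's tooling and not part of the original article). It refangs the indicator, matches it against URL-bearing attributes and inline script text, and treats look-alike hosts as non-matches; the sample page, its script path and `shop.example` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator as printed in the article (defanged); refanged only for matching.
IOC_DEFANGED = "naturalfreshmall(.)com"
IOC = IOC_DEFANGED.replace("(.)", ".").lower()

def url_matches(value):
    """True if the URL's host is the indicator domain or a subdomain of it."""
    try:
        host = (urlparse(value.strip()).hostname or "").rstrip(".")
    except ValueError:  # malformed authority such as a broken IPv6 literal
        return False
    return host == IOC or host.endswith("." + IOC)

class RefScanner(HTMLParser):
    URL_ATTRS = {"src", "href", "action", "data"}
    def __init__(self):
        super().__init__()
        self.hits, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if name in self.URL_ATTRS and value and url_matches(value):
                self.hits.append((tag, name, value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline loaders may build the URL in JavaScript: flag the bare domain.
        if self._in_script and IOC in data.lower():
            self.hits.append(("script", "inline", IOC_DEFANGED))

def scan_page(html):
    scanner = RefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits

# Constructed sample page: the script path and shop.example are made up.
SAMPLE = (
    '<script src="/js/checkout.js"></script>'
    f'<script src="https://{IOC}/constructed-path.js"></script>'
    f'<script>var u = "//{IOC.upper()}/x";</script>'
    '<a href="https://shop.example/cart">Cart</a>'
)
```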
Sansec researchers believe that the objective behind this campaign is to steal the credit card details of customers of the hacked online stores. It is worth noting that Magento stores are frequent targets of web skimmer attacks. In 2018, over 1,000 Magento sites were hacked with cryptominers and credential-stealing malware.
In September 2020, an attack researchers identified the “largest-ever attack against Magento