Security pros from cybersecurity firm Sansec discovered a massive Magecart campaign in which over 2000 Magento online stores were hacked. Magento is an e-commerce platform that allows websites to create their own online store. The researchers stated that most of the compromised sites were running on the Magento 1 version, which reached the end of support in June 2020. Tens of thousands of customers’ personal information may have been compromised in the incident.
In Magecart attacks (also called web skimming or e-skimming attacks), attackers inject malicious JavaScript code into an e-commerce website after exploiting a vulnerability in its CMS.
Largest Magecart Attack
Researchers stated that this is the largest automated Magecart campaign observed to date since 2015. Attackers injected malicious code into the websites’ checkout pages to exfiltrate payment information. Sansec detected nearly 1904 distinct Magento stores with a unique keylogger (skimmer) on the checkout page. Hackers infected 10 stores on Friday, 1058 on Saturday, 603 on Sunday, and 233 on Monday.
According to the researchers, threat actors may have compromised the stores using new exploit code that was offered on a hacking forum for $5,000 by a Russian seller named z3r0day.
“This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015. The massive scope of this weekend’s incident illustrates increased sophistication and profitability of web skimming. Criminals have been increasingly automating their hacking operations to run web skimming schemes on as many stores as possible,” researchers said.
Magecart Attacks on Rise
Multiple security incidents involving Magecart hackers have been reported in the past. In the most recent one, researchers from threat intelligence firm RiskIQ uncovered a Magecart campaign dubbed “Magecart Group 7” that compromised over 19 e-commerce websites and stole customers’ payment card data.