

New Magecart Malware Attacks Infect More Than 100 Online Retailers

Online stores are not safe anymore, according to recent reports by Sucuri. First detected in March 2016, the Magecart malware gained momentum in its activity until May, when it began to target well-known and large online retail stores.

In the summer of 2016, Sucuri first analyzed a variant of Magecart which was reported (by Softpedia) to have large Magento online stores in its crosshairs. Since then, online retailers used a browser extension in order to simplify user payment via a platform called Braintree.

The Targets of Magecart

Reportedly, this type of sophisticated online malware is primarily focused on several shopping platforms and the malware may attack multiple platforms at once.

Since March, the hacking team behind this virus has significantly broadened the scope as well as the “features” of the malware. New malicious scripts have been developed in order to broaden the malware’s compatibility across platforms like CMS Powerfront, OpenCart and Magento.

How Does Magecart Infect

Magecart itself does not look very sophisticated, however. The actual virus is a .JS (JavaScript) file which the hackers add to the targeted website’s code once they have infected it.

Once the JavaScript is active, it monitors which page of the online store the user has opened. The complicated part of the virus's code may have been the detection of the payment page: as soon as Magecart detects that such a page is open, it automatically injects another JavaScript containing a form of online keylogger, which tracks, records and sends the keystrokes entered in the input boxes of the payment page. This allows the cyber-criminals to see what has been typed in which box and to assemble this information into the financial details of the user’s debit or credit card, as well as a PayPal address or other crucial credentials for online payment.

The cyber-criminals behind Magecart are a clever bunch as well. They often change the domains that host the infection operations, which makes them very difficult to detect.
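
Because the hosting domains change often, a blocklist of known skimmer domains goes stale quickly; store operators can instead check the payment page's script sources against an allowlist of expected hosts. The following is an added example, not code from the article or from the researchers it cites; the hostnames, the sample HTML and the function names are constructed for illustration.

```javascript
// Added example: audit <script src> hosts of a checkout page against an allowlist.

// Hosts this hypothetical store expects to load scripts from on its payment page.
const ALLOWED_SCRIPT_HOSTS = new Set(["shop.example", "js.payments.example"]);

// Extract the src of every external <script> tag (attribute order and quoting may vary).
function scriptSources(html) {
  const sources = [];
  const tagRe = /<script\b[^>]*>/gi;
  const srcRe = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  for (const [tag] of html.matchAll(tagRe)) {
    const m = srcRe.exec(tag);
    if (m) sources.push(m[1] ?? m[2] ?? m[3]);
  }
  return sources;
}

// Return scripts whose host is not on the allowlist; relative and
// protocol-relative URLs are resolved against the page URL first.
function unexpectedScripts(html, pageUrl, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  for (const src of scriptSources(html)) {
    let host;
    try {
      host = new URL(src, pageUrl).hostname.toLowerCase();
    } catch {
      findings.push({ src, host: null, reason: "unparseable URL" });
      continue;
    }
    if (!allowedHosts.has(host)) {
      findings.push({ src, host, reason: "host not on allowlist" });
    }
  }
  return findings;
}

// Constructed checkout page: two expected scripts, one same-site relative
// script, and one script from a host nobody at the store recognises.
const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="https://shop.example/static/cart.js"></script>
<script src='//js.payments.example/v1/fields.js' async></script>
<script src="/static/checkout.js"></script>
<script type="text/javascript" src="https://cdn-stats.invalid/lib.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>`;

console.log(unexpectedScripts(SAMPLE_CHECKOUT_HTML, "https://shop.example/checkout"));
```

A static pass like this sees only script tags present in the served HTML. The second-stage script described above is injected at runtime, so the same allowlist is worth enforcing in the browser through a Content-Security-Policy `script-src` directive.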

How To Protect Yourself from Magecart

Researchers at RiskIQ have reported that the sophisticated Magecart is also able to obtain information and communicate via HTTPS, and to get information from stores which have their own custom payment web pages. What is worse, this does not really matter for the malware, because with its latest updates it is even able to target some external payment carriers and implemented technologies.

Companies with a good reputation have already become victims of the Magecart threat, and many users of Everlast, Faber&Faber, as well as others that have used the Magento extension or VeriSign, should immediately change their banking credentials or transfer their funds to new accounts for safety reasons.

Softpedia has reported the following websites to have been hacked via Magecart online malware:

Websites Believed to be Affected

Users of those websites should immediately secure the funds on the cards or accounts used to purchase products from those websites.

There is not much that users can do to protect themselves from such malware. However, website administrators should consider using more complex credentials.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
