2016 has seen the highest rates of malware infection among online shops running on platforms such as Magento and OpenCart. The finding comes from researcher Willem de Groot of Byte.nl, who has been analyzing online stores infected with malware since November 2015, when he first saw an increase in these infections.
Online Shops Malware Infections Grow Continuously
The uptick in such cases is associated with the better anonymity that online skimming provides compared to offline ATM skimming. This increase in online skimming has led to a growth in carding sites.
What is a carding site? It’s the type of underground forum that sells credit card details stolen via compromised online store payment pages and PoS malware.
More specifically, online skimming has jumped 69% in 10 months. The increase is not that surprising considering that an Internet scan of 255,000 online stores showed malware lurking on 3,501 of those shops. The researcher ran a second scan in March 2016 and found that the number of infected stores had jumped to 4,476, an increase of 28%. By September 2016, he found 5,925 infected online shops, which is 69% up compared to November last year.
One quite recent example of such malware is MageCart. In fact, de Groot repeated the scan once again on October 10 and found 5,911 infected stores. On October 12, the number was down to 5,761, which means that 334 admins successfully cleaned up their stores.
What Online Shops Are Affected by Malware and Online Skimming?
Unfortunately, the list of infected online shops includes some high-profile names. Examples the researcher revealed include the online store of Icelandic singer Bjork, the store of Audi South Africa, and the website of the NRSC (National Republican Senatorial Committee).
Surprisingly, it turns out that many admins don’t care enough or just don’t know enough to clean up their stores. When de Groot contacted them, he received some pretty bothersome replies, like:
- We don’t care, our payments are handled by a 3rd party payment provider.
- Our shop is safe because we use https.
Other conclusions derived from de Groot’s analysis:
- Not only is the number of infections steadily growing but also the malware is getting more sophisticated.
- The amount of online skimming malware is increasing, too.
- In less than a year, online skimming malware has evolved from one single threat to nine varieties and three distinct malware families.
What can be done? The researcher suggests that:
Companies such as Visa or Mastercard could revoke the payment license of sloppy merchants. But it would be way more efficient if Google would add the compromised sites to its Chrome Safe Browsing blacklist. Visitors would be greeted with a fat red warning screen and induce the store owner to quickly resolve the situation.