The infamous Magecart hacking group has been fund to be behind a large-scale attack against e-commerce sites.
They have been found to replace JavaScript code into numerous sites that list counterfeit big brands products. Examples include the likes of Nike, Adidas and Converse — sport shoes, bags, apparel and accessories.
E-commerce Sites Targeted By Magecart Hackers, Listed Products Changes With Counterfeit Stock
Multiple large e-commerce sites have been breached by the infamous Magecart hacking group according to a new security report. A global investigation has shown that the criminals have taken advantage of a weakness in the content management system used (Magento) and were able to hijack them. The reason for the large number of infections is the widespread unpatched server software including the PHP engine and the Magento system. The Magecart hackers have supposedly used an automated suite in order to scan whole networks in order to look for vulnerabilities. When a bug is identified the malware platform will automatically infect the installations. Such automated penetration testing attacks are one of the most common methods used to hijack sites.
When the hackers have access to the contents of the site and to the administrative panel they can cause numerous malicious actions. In the case of the recent attacks this includes the following:
- Skimming Code Insertion — The Magecart hackers will automate the scripts to locate a part of the Magento system called translate.js which houses JavaScript related to the template and contents translation. Inside of malicious code will be inserted which will automatically forward payment related information to a server located in China.
- Account Data Theft — By breaking into the content management system it is possible that the hackers will steal the account data of the administrative account, as well as any internal information that is part of the company’s operations. The collected information can be used for blackmail purposes or extortion. We know from past attacks that in some cases computer hackers have also posted such “data dumps” on auction on the hacker underground markets.
These attacks carried out by the criminal collective can potentially infect thousands of sites in a single day. As many of these counterfeit brand shops use design and text layout that is reminiscent of the legitimate and official brand stores. It is expected that such attacks will continue to be carried out. Once again we urge all site administrators to always apply the latest software updates on their CMS installations.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: