Magecart Hackers Breach Fake Brand E-Commerce Sites

The infamous Magecart hacking group has been found to be behind a large-scale attack against e-commerce sites.




They have been found to inject JavaScript code into numerous sites that list counterfeit products of big brands. Examples include the likes of Nike, Adidas and Converse — sport shoes, bags, apparel and accessories.

E-commerce Sites Targeted By Magecart Hackers, Listed Products Changes With Counterfeit Stock

Multiple large e-commerce sites have been breached by the infamous Magecart hacking group, according to a new security report. A global investigation has shown that the criminals took advantage of a weakness in the content management system used (Magento) and were able to hijack the sites. The reason for the large number of infections is widespread unpatched server software, including the PHP engine and the Magento system. The Magecart hackers have supposedly used an automated suite to scan whole networks for vulnerabilities. When a bug is identified, the malware platform automatically infects the installation. Such automated penetration testing attacks are one of the most common methods used to hijack sites.


Once the hackers have access to the contents of the site and to the administrative panel, they can carry out numerous malicious actions. In the case of the recent attacks this includes the following:

  • Skimming Code Insertion — The Magecart hackers automate scripts to locate a part of the Magento system called translate.js, which houses JavaScript related to template and content translation. Malicious code is inserted into it that automatically forwards payment-related information to a server located in China.
  • Account Data Theft — By breaking into the content management system, the hackers may be able to steal the account data of the administrative account, as well as any internal information that is part of the company’s operations. The collected information can be used for blackmail or extortion. We know from past attacks that in some cases computer hackers have also put such “data dumps” up for auction on underground hacker markets.
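
As an added example (not taken from the security report or from Magento), one way an administrator could detect the translate.js tampering described above: compare deployed JavaScript against a known-clean copy and list hosts referenced in changed files that are not on an allowlist. The directory layout, host names and the appended line are constructed placeholders.

```python
import hashlib, re, tempfile
from pathlib import Path

# Absolute or protocol-relative URLs whose host contains at least one dot.
URL_RE = re.compile(r"(?:https?:)?//([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(clean_root):
    """Map relative path -> SHA-256 for each .js file in a known-clean copy."""
    root = Path(clean_root)
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in root.rglob("*.js")}

def external_hosts(text, allowed_hosts):
    """Hosts in URLs found in text that are not on the allowlist."""
    return sorted({h.lower() for h in URL_RE.findall(text)} - set(allowed_hosts))

def audit(live_root, baseline, allowed_hosts):
    """Report .js files that are new or differ from the baseline."""
    root, findings = Path(live_root), []
    for p in sorted(root.rglob("*.js")):
        rel = p.relative_to(root).as_posix()
        if baseline.get(rel) == sha256_of(p):
            continue  # byte-identical to the clean copy
        findings.append({
            "file": rel,
            "status": "modified" if rel in baseline else "unexpected",
            "hosts": external_hosts(p.read_text(errors="replace"), allowed_hosts),
        })
    return findings

def demo():
    """Constructed sample: a clean tree and a live tree with a changed translate.js."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "translate.js").write_text("var Translate = {};\n")
            (root / "cart.js").write_text("var cdn = 'https://cdn.shop.example/lib.js';\n")
        # Constructed stand-in for an injected line; the host is a placeholder.
        with open(live / "translate.js", "a") as f:
            f.write("var u = '//collector.example.invalid/gate';\n")
        return audit(live, build_baseline(clean), {"cdn.shop.example"})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Injected code is often obfuscated and may hide its destination, so a modified file with an empty host list still warrants manual review.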

These attacks carried out by the criminal collective can potentially infect thousands of sites in a single day. Many of these counterfeit brand shops use design and text layout reminiscent of the legitimate, official brand stores. It is expected that such attacks will continue to be carried out. Once again we urge all site administrators to always apply the latest software updates on their CMS installations.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
