Online stores are not safe anymore according to recent reports by Sucuri. First detected in March 2016, the Magecart malware has begun to gain momentum in it’s activity until May when it began to target well-known and large online retailer stores.
During the summer of 2016 when Sucuri first analyzed a variant of Magecart which was reported (by Softpedia) to have the large Magento online stores in it’s crosshairs. Since then, online retailers used a browser extension in order to simplify user payment via a platform, called Braintree.
The Targets of Magecart
Reportedly, this type of sophisticated online malware is primarily focused on several shopping platforms and the malware may attack multiple platforms at once.
Since March, the hacking team behind this virus has significantly broadened the scope as well as “features” of the malware. New malicious scripts have been developed in order to broaden the malware’s compatibility across plafroms, like CMS Powerfront, OpenCart and Magento.
How Does Magecart Infect
Magecart itself does not look very sophisticated, however. The actual virus is a .JS (JavaScript) file which the hackers add in the targeted website’s code, once they have infected it.
The infection process itself once the JavaScript has been activated is to begin monitoring on which page is the user who has opened the online store. The complicated part of the coding of the virus could have been the detection of the payment web page. This is because as soon as Magecart detects such web page being open, it injects another JavaScript automatically which contains a form of online keylogger that automatically tracks, records and sends the keystrokes entered within the information boxes in the payment page. This allows for cyber-criminals to see in what box what has been typed and assemble this information to obtain the financial details of the user’s debit or credit card as well as PayPal address or other crucial credentials for online payment.
The cyber-criminals behind Magecart are a clever bunch as well. They often change the domains that are hosting the infection operations, making themselves very difficult to be detected.
How To Protect Yourself from Magecart
Researchers at RiskIQ have reported that the sophisticated Magecard is also able to obtain information and communicate via HTTPs and get information from stores which have their own custom payment web pages. But what is worse is that for this malware it does not really matter because with it’s latest updates it is even compatible to target some external payment carriers and implemented technologies.
Companies with good reputation have already become victims of the Magecart threat and many users of Everlast, Faber&Faber as well as other that have used the Magento extension or VeriSign should immediately change their banking credentials or transfer their funds to new accounts for safety reasons.
Softpedia has reported the following websites to have been hacked via Magecart online malware:
Users of those websites should immediately secure the funds on the cards or accounts used to purchase products from those websites.
There is not much that can be done protect him or herself from such mawlares. However, website administrators should consider using more complex credentials.
Ventsislav Krastev
Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.
Follow Me: