Home > Cyber News > New Magecart Malware Attacks Infect More Than 100 Online Retailers

New Magecart Malware Attacks Infect More Than 100 Online Retailers

cyber-threats-think-ahead-sensorstechforumOnline stores are not safe anymore according to recent reports by Sucuri. First detected in March 2016, the Magecart malware has begun to gain momentum in it’s activity until May when it began to target well-known and large online retailer stores.

During the summer of 2016 when Sucuri first analyzed a variant of Magecart which was reported (by Softpedia) to have the large Magento online stores in it’s crosshairs. Since then, online retailers used a browser extension in order to simplify user payment via a platform, called Braintree.

The Targets of Magecart

Reportedly, this type of sophisticated online malware is primarily focused on several shopping platforms and the malware may attack multiple platforms at once.

Since March, the hacking team behind this virus has significantly broadened the scope as well as “features” of the malware. New malicious scripts have been developed in order to broaden the malware’s compatibility across plafroms, like CMS Powerfront, OpenCart and Magento.

How Does Magecart Infect

Magecart itself does not look very sophisticated, however. The actual virus is a .JS (JavaScript) file which the hackers add in the targeted website’s code, once they have infected it.

The infection process itself once the JavaScript has been activated is to begin monitoring on which page is the user who has opened the online store. The complicated part of the coding of the virus could have been the detection of the payment web page. This is because as soon as Magecart detects such web page being open, it injects another JavaScript automatically which contains a form of online keylogger that automatically tracks, records and sends the keystrokes entered within the information boxes in the payment page. This allows for cyber-criminals to see in what box what has been typed and assemble this information to obtain the financial details of the user’s debit or credit card as well as PayPal address or other crucial credentials for online payment.

The cyber-criminals behind Magecart are a clever bunch as well. They often change the domains that are hosting the infection operations, making themselves very difficult to be detected.

How To Protect Yourself from Magecart

Researchers at RiskIQ have reported that the sophisticated Magecard is also able to obtain information and communicate via HTTPs and get information from stores which have their own custom payment web pages. But what is worse is that for this malware it does not really matter because with it’s latest updates it is even compatible to target some external payment carriers and implemented technologies.

Companies with good reputation have already become victims of the Magecart threat and many users of Everlast, Faber&Faber as well as other that have used the Magento extension or VeriSign should immediately change their banking credentials or transfer their funds to new accounts for safety reasons.

Softpedia has reported the following websites to have been hacked via Magecart online malware:

Websites Believed to be Affected


→ aufdemkerbholz.de backstage.gs eyeglass.com farmwholesale.com fidelitystore.com giftshop.cancerresearchuk.org gkboptical.com gypsyville.com ihomecases.com kerbholz.com lenshareca.com mamapanda.com mauriziocollectionstore.com sasshoes.com saudi.miniexchange.com shop.air-care.com shop.guess.net.au shop2.gzanders.com shoppu.com.my storeinfinity.com truthbookpublishersstore.org valuedrugs.net www.5thavenuedog.com www.aalens.com www.agssalonequipment.com www.apacwines.com www.arenaswimwearstore.com www.ariashop.co.uk www.arvaco.com www.aurigaeurope.com www.ausnaturalcare.com.au www.babysavings.com.au www.bellfieldclothing.com www.benmoss.com www.bogglingshop.com www.brandvapors.com www.brooktaverner.co.uk www.capstore.dk www.cbcrabcakes.com www.chefcentral.com www.clarke-distributing.com www.clickandgrill.de www.cottinfab.com www.countrywidehealthcare.co.uk www.crossingbroadstore.com www.dgpartsmall.com www.donnabeleza.com.br www.douglovesshirts.com www.eddymerckx.com www.emarket.com.kw www.evergreen.ie www.everlast.com www.faber.co.uk www.faberacademy.co.uk www.fidelitystore.com www.freedomflask.com www.ghurka.com www.gingerandsmart.com www.gkboptical.com www.golights.com.au www.grahamandgreen.co.uk www.greekpaddles.net www.huntingandfishing.co.nz www.iloveshowpo.com www.karity.com www.knetgolf.com www.kosherwine.com www.laploma.in www.leasevillenocredit.com www.lions-pride.com www.littlelittleorganics.com www.lostgolfballs.com www.mackenzieltd.com www.mcs.com www.minervabeauty.com www.miniexchange.com www.mothercare.co.id www.musclefood.com www.musingapore.cn www.muzzle-loaders.com www.mylook.ee www.nationalcargocontrol.com www.nessaleebaby.com www.nichecycle.com www.onesolestore.com www.owgartenmoebel.de www.ozeparts.com.au www.paykobo.com www.personalizationuniverse.com www.punkstuff.com www.rebeccaminkoff.com www.reservewineclub.com.sg www.retaildeal.biz www.rosesonly.com.sg www.royaldiscount.com www.santonishoes.com www.savannahcollections.com www.shopboss.com.br www.showpo.com www.shrimpandgritskids.com www.skinsolutions.md www.slimminglabs.com www.smoothmag.com www.sophieparis.com www.stagespot.com www.storeinfinity.com www.superbikestore.in www.surthrival.com www.thebeautyplace.com www.titanssports.com.br www.todaycomponents.com www.tonnotermans.nl www.ukbathroomstore.co.uk www.umnitza.com www.voicerecognition.com.au www.waterfilters.net www.wesellusedsound.co.za www.windsorsmith.com.au www.zalacliphairextensions.com.au

Users of those websites should immediately secure the funds on the cards or accounts used to purchase products from those websites.

There is not much that can be done protect him or herself from such mawlares. However, website administrators should consider using more complex credentials.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree