
Sites Infected with Magecart Malware Reinfected Multiple Times

You may think you are safe after removing the malware from your infected Magento online store. However, it turns out that the infamous Magecart malware, known for harvesting credit card details from checkout forms, re-infects stores even after clean-up.




The researcher behind these findings is Willem de Groot, who recently unearthed the most successful skimming campaign, driven by the MagentoCore skimmer. Back in September, the skimmer had already infected 7,339 Magento stores over a period of 6 months, thus becoming the most aggressive campaign discovered by researchers.

The same researcher is the developer of MageReport, an online malware and vulnerability scanner for online stores. According to de Groot, in the last quarter, 1 out of 5 breached stores were infected (and cleaned) multiple times, some even up to 18 times.

Related: MagentoCore: the Most Aggressive Skimmer Infects 60 Stores per Day

At Least 40,000 Magecart-Like Infections Discovered in 3 Years

The researcher has tracked infections similar to Magecart on at least 40,000 domains for the past three years. His latest findings indicate that during August, September and October, the MageReport scanner came across Magecart skimmers on more than 5,400 domains. Some of these infections turned out to be quite persistent, spending up to 12.7 days on infected domains.

In most cases, however, website admins successfully removed the malicious code. Still, the number of re-infected sites is quite big: 21.3 percent, with a large number of reinfections taking place within the first day or within a week. The average period for a reinfection was estimated at 10.5 days.

What is the reason for the reinfections? As explained by de Groot, several factors account for the repeated malware cases:

  • The operators of Magecart often drop backdoors on hacked stores and create rogue admin accounts.
  • The malware operators use efficient reinfection mechanisms such as database triggers and hidden periodic tasks.
  • The operators also use obfuscation techniques to mask their code.
  • The operators often use zero-day exploits to hack vulnerable sites.
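
Because the list above names specific places where a cleaned store can still be carrying persistence (database triggers, periodic tasks, admin accounts), one post-cleanup check is to compare those three places against a known-good baseline instead of looking for recognisable malicious code. The following is an added example, not code from the article or from MageReport; it assumes trigger rows exported from MySQL's `information_schema.TRIGGERS`, the web user's `crontab -l` output, and rows from the store's admin account table, and every name and value in the sample data is constructed.

```python
import hashlib

def fingerprint(kind, name, body):
    """Identity of one persistence-capable object: kind, name, hash of its body."""
    normalized = " ".join(body.split())          # ignore whitespace-only edits
    return (kind, name, hashlib.sha256(normalized.encode()).hexdigest())

def snapshot(triggers, cron_lines, admin_users):
    """Fingerprint the three places named in the list above."""
    items = set()
    for t in triggers:                           # rows from information_schema.TRIGGERS
        name = f'{t["EVENT_OBJECT_TABLE"]}.{t["TRIGGER_NAME"]}'
        items.add(fingerprint("trigger", name, t["ACTION_STATEMENT"]))
    for line in cron_lines:                      # `crontab -l` of the web server user
        line = line.strip()
        if line and not line.startswith("#"):
            items.add(fingerprint("cron", line.split(None, 5)[-1], line))
    for u in admin_users:                        # rows from the store's admin table
        items.add(fingerprint("admin", u["username"], u["email"]))
    return items

def drift(baseline, current):
    """List objects that are new or changed relative to the known-good baseline."""
    known = {(kind, name) for kind, name, _ in baseline}
    return [("changed" if (kind, name) in known else "new", kind, name)
            for kind, name, _ in sorted(current - baseline)]

# Constructed sample data (not taken from any real store).
TRG = {"TRIGGER_NAME": "trg_example", "EVENT_OBJECT_TABLE": "example_order",
       "ACTION_STATEMENT": "BEGIN INSERT INTO example_log VALUES (NEW.id); END"}
BASELINE = snapshot([TRG], ["* * * * * php /var/www/example/cron.php"],
                    [{"username": "owner", "email": "owner@example.com"}])
CURRENT = snapshot(
    [dict(TRG, ACTION_STATEMENT="BEGIN UPDATE example_config SET value='x'; END")],
    ["* * * * * php /var/www/example/cron.php", "17 3 * * * sh /tmp/.example-task"],
    [{"username": "owner", "email": "owner@example.com"},
     {"username": "support2", "email": "support2@example.net"}])

if __name__ == "__main__":
    for finding in drift(BASELINE, CURRENT):
        print(*finding)
```

The baseline has to be captured from a state known to be clean, for example a backup that predates the breach; a snapshot taken after the first clean-up may already contain the trigger or account that causes the next reinfection.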

Related: Magecart Hackers Stole Customers' Payment Card Data from Newegg

In September, the Magecart operators made another major hit, infiltrating the secure servers of the popular Newegg site. All data entered in the period between August 14 and September 18 this year was affected. Both desktop and mobile customers were affected by the breach.

Statistics revealed that the site has more than 50 million visitors. The fact that the digital skimmer code was available for a significant period of time gives security researchers reasons to believe that millions of customers were potentially affected.

In February 2017, the same researcher analyzed a piece of another evolved Magento malware which was capable of self-healing. This process was possible thanks to hidden code in the targeted website’s database.

Milena Dimitrova
