Você pode pensar que você está a salvo depois de ter removido o malware de sua loja Magento on-line infectado. Contudo, verifica-se que o malware Magecart infame, conhecido por colheita detalhes do cartão de crédito de formas de verificação geral, re-infecta mesmo após clean-up.
The researcher behind these findings is Willem de Groot who recently unearthed the most successful skimming campaign, driven by the MagentoCore skimmer. Back in September, the skimmer had already infected 7,339 Magento stores for a period of 6 meses, tornando-se assim a campanha mais agressiva descoberta pelos pesquisadores.
The same researcher is the developer of the MageReport, an online malware and vulnerability scanner for online stores. According to de Groot, in the last quarter, 1 fora de 5 breached stores were infected (and cleaned) multiple times, some even up to 18 vezes.
Finalmente 40,000 Magecart-Like Infections Discovered in 3 Anos
The researcher has tracked infections similar to Magecart on at least 40,000 domains for the past three years. His latest findings indicate that during August, September and October, the MageReport scanner came across Magecart skimmers on more than 5,400 domínios. Some of these infections turned out to be quite persistent, spending up to 12.7 days on infected domains.
Na maioria dos casos, Contudo, website admins successfully removed the malicious code. Ainda, the number of re-infected sites is still quite big – 21.3 por cento, with a large number of reinfections taking place within the first day or within a week. The average period for a reinfection was estimated at 10.5 dias.
What is the reason for the reinfections? As explained by de Groot, there are several reasons accounting for the repeated malware cases:
There are multiple reasons for the reinfections:
- The operators of Magecart often drop backdoor on hacked stores and create rogue admin accounts.
- The malware operators use efficient reinfection mechanisms such as database triggers and hidden periodic tasks.
- The operators also use obfuscation techniques to mask their code.
- The operators often use zero-day exploits to hack vulnerable sites.
Em setembro, the Magecart operators have made another major hit, infiltrating the secure servers of the popular Newegg site. All entered data in the period between August 14 e setembro 18 this year was affected. Both desktop and mobile customers were affected by the breach.
Statistics revealed that the site has more than 50 milhão de visitantes. The fact that the digital skimmer code was available for a significant period of time gives security researchers reasons to believe that millions of customers were potentially affected.
Em fevereiro 2017, the same researcher analyzed a piece of another evolved Magento malware which was
[wplinkpreview url =”https://sensorstechforum.com/self-healing-malware-magento-websites-attacked/”]capable of self-healing. Este processo foi possível graças ao código oculto no banco de dados do site de destino.