Payment card data stealing malware campaign affects dozens of websites each day


It has been recommended to block Magento e-commerce software; otherwise, your card details will end up in Moscow

Over the last six months, more than 7k e-commerce websites have been infected with malicious JavaScript designed to collect payment card details from users as they complete their online orders.

Willem de Groot, an ethical hacking expert based in Holland, reported this, noting that this payment card stealing software, which communicates with magentocore[dot]net, a domain hosted in Moscow, is used to infect between 50 and 60 e-commerce sites every day.

“The list of victims includes multi-million dollar companies listed on the stock market, suggesting that the operators of this malware campaign get significant revenues,” the specialist mentions on his blog, pointing out that the malicious code is designed to work with Magento’s legitimate e-commerce software, although the real victims are ultimately the customers, who suffer identity and payment card data theft.

Magento, which Adobe Systems has planned to acquire since last May, is one of the most widely used e-commerce platforms. So it may not be a surprise that the software has become a favorite target of payment card thieves, who have taken advantage of users' sometimes unsafe configurations or have used brute force attacks to gain access to the software.

According to ethical hacking specialists, the payment card industry continues to fight to prevent criminals from extracting card details and using them in fraudulent schemes. One way to use the stolen information is in so-called card-not-present transactions. Australia, for example, has seen a 14% annual increase in this type of practice.

While the main goal of the cybercriminals is usually the theft of payment card data, customer personal data would also be at stake. This has implications for compliance with the General Data Protection Regulation, the strict privacy regime in Europe, where allegations of non-compliance have increased to 400%.

According to ethical hacking specialists from the International Institute of Cyber Security, whoever is behind this malware campaign must be generating great profits. Based on his analyses, Willem de Groot has found 7.3k online stores that have been hacked in the last six months. And since 2015, the specialist has identified at least 20k websites that have been infected by this malicious JavaScript at least once.

In addition, websites are not cleaned up quickly after an infection: the average recovery time is a few weeks, and at least 1450 online stores have hosted this parasite over the past six months.