Magecart Group 12 launches a PHP skimmer targeting Magento’s vulnerable e-commerce platforms

Cybersecurity researchers have discovered that a new credit card theft malware has been deployed to bypass client-side detection on e-commerce sites running unsupported versions of Magento. The campaign has been attributed to Magecart Group, as it uses infrastructure previously linked to the group, and the new malware disguises itself as a favicon to trick users easily.

This new malware variant, identified as “Magento.png”, infiltrates vulnerable websites via a PHP web shell, unlike similar skimmers that mimic a favicon and hide malicious JavaScript code.
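The disguise described above, a PHP script carrying an image name, can be checked for on the server itself. The following is an added example, not code from the Malwarebytes report or from this article: it walks a web root and flags image-named files that lack a valid image signature or contain a PHP open tag. The sample file contents and the two heuristics are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading magic bytes of genuine image files, keyed by extension.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".ico": (b"\x00\x00\x01\x00",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
}
PHP_OPEN_TAG = b"<?php"  # assumption: the disguised script uses the full open tag

# Constructed sample files (no real malware): file name -> content.
SAMPLES = {
    "favicon.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # image header, no PHP
    "Magento.png": b"<?php /* constructed placeholder */ ?>",  # PHP named .png
    "logo.gif": b"GIF89a" + b"\x00" * 8 + b"<?PHP echo 1; ?>",  # header, PHP appended
}


def inspect_image(path):
    """Return why an image-named file looks like a script (empty list if it does not)."""
    data = path.read_bytes()
    reasons = []
    if not data.startswith(IMAGE_SIGNATURES[path.suffix.lower()]):
        reasons.append("bad-signature")
    if PHP_OPEN_TAG in data.lower():
        reasons.append("php-tag")
    return reasons


def scan_webroot(root):
    """Map each suspicious image-named file under root (relative path) to its reasons."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in IMAGE_SIGNATURES:
            reasons = inspect_image(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, content in SAMPLES.items():
            (Path(root) / name).write_bytes(content)
        print(scan_webroot(root))
```

A `bad-signature` hit means the file is not the image its name claims; a `php-tag` hit on a file with a valid header points to script content appended to an otherwise plausible image.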

Jerome Segura, a specialist at the security firm Malwarebytes, mentions that his team detected this malware on a few sites, although this was enough to determine the existence of a pattern. In his report, Segura mentions that the latest version of Magento 1 still runs on at least 53,000 e-commerce websites, nearly a year after Adobe announced that this release would be discontinued.

Magecart 12 threat actors were also singled out as responsible for a wave of attacks abusing another new and improved skimmer, called ‘Ant and Cockroach’, which impacted nearly 3,000 web domains. Among other campaigns, Magecart has been noted to run a malicious campaign using a fake Cloudflare library to install cryptocurrency mining software.

Magecart-like attacks use web injections to plant JavaScript code on Magento websites and extract customers’ payment card information. According to the latest Malwarebytes research, the Magento.png malware uses PHP web shells called “Smilodon” or “Megalodon”.

Segura urged online retailers to keep their stores “updated and reinforced, not only to pass PCI standards but also to maintain the trust that shoppers place in them.” According to an analysis of Magento websites conducted by cybersecurity firm Foregenix in July 2020, a few days after the provider’s support was suspended, 79.6% of malware-infected domains were running Magento 1.
