Magecart is back!

And this time affecting more than 17,000 sites.

Magecart has attacked misconfigured Amazon S3 buckets which are cloud repositories that hold data and other backend necessities for e-commerce stores. It permits anyone to view and edit files it contains. 

Therefore, it makes it too easy for hackers to inject digital card skimming code at the bottom of every JavaScript file they find.

Magecart is a supply chain attack done by cybercriminal groups and individuals who target credit card numbers of customers from e-commerce sites.

If you own a Magento store, then go through our article- An Ultimate Magento Security Guide You Need 

What is Magecart Attack?

Magecart attack began in early April 2019 and is still growing on a large scale. This time the attack was even more intensive than previously feared.

Its target is to affect as many sites it can irrespective how big or small they are by implementing card-skimming code into the payment page.

One of the major disadvantages of this approach is that hackers don’t know if the overwritten javascript files are being loaded on the payment page or not.

It is like shooting an arrow in the dark.  But if only a fraction of their skimming code reaches the payment page, it will be worth it.

Magecart is also hot on Twitter and other social media channels:-

How does it work?

Step 1: Gain access to your website- According to cybersecurity researchers, this is a new type of attack wherein hackers are using a shotgun approach instead of targeted attacks.

They are trying to attack a large number of compromised Magento stores and preferring larger infection reach over accuracy.

Step 2: Skim sensitive information from a form- Once, they have gained access to the data, they will try to intercept information like credit card number and CVV from the payment form. 

Step 3: Send information back to their server- If the hackers have successfully skimmed sensitive data from your site, then they can send it easily to any location on the Internet. 

Magento hosting

Who is behind Magecart Attacks?

Yonathan Klijnsma who is a threat researcher at RiskIQ has been tracking Magecart for more than a year published a report in which he described the working of hackers in different groups based on their mode of operation and target.

He also highlighted that Magecart is a thriving criminal underworld who has been working in shadows for years now. 

RiskIQ has coined a new term for this- “spray and pray”. It contrasts with the targeted campaigns previously linked to Magecart operations.

Who has been affected by Magecart malware?

But now they are becoming popular with an increase in cyber attacks on giant e-commerce sites. He also uncovered credit card skimming codes placed on many third-party web suppliers including AdMaxim, CloudCMS, and Picreel.

Even the websites that are present in the top 2,000 of Alexa rankings such as Ticketmaster and Newegg were also not spared.

The consumer accounts of British Airways, Vision Direct, and other such e-commerce stores were also found hacked.

Britain’s Information Commissioner’s Office (ICO) fined British Airways with £183 million for failing to protect the personal data of their half-million customers last year. 

What vulnerabilities does it prey upon?

Code that is developed by you and runs only on your site is called first-party code. But code that comes from other companies is called third-party code. 

Many store owners are not aware of this and integrate the code from other companies. This permits the outside code to display messages to your users, exfiltrate sensitive data entered by them or even redirect them to another site.

So, when you rely on code that runs on 50 other websites, you can fall into the trap that many retailers have fallen into, and Magecart attackers prey on. A security breach anywhere is a security breach everywhere.

How to protect your e-commerce store from Mageattack?

The good news is that you can protect your sensitive data from this type of malware attack. You need to deploy technology that can monitor and protect sensitive data in real-time.

ServerGuy is actively working to neutralize Magecart infrastructure to minimize the threat. You can go for our managed Magento Hosting services to ensure you don’t suffer the same fate. 

Was this post helpful?