Security experts have identified a new wave of Magecart attacks that exploits flaws in e-commerce sites running outdated software.
Threat actors breached about 500 e-commerce websites running Magento 1, using a single domain loaded with credit card skimmers. Researchers also discovered over 300 new infections on the same day they found the malware.
According to reports, the researchers tracked the malicious domain as naturalfreshmall[.]com. As of now, however, the domain is not operating. Experts said the threat actors' objective is to exfiltrate customers' credit card details from the infected e-commerce stores.
The Magecart hackers exploited a known vulnerability in the Quickview plugin to add a rogue Magento admin user, which let them run code with the highest administrator privileges.
The threat actors also used the api_1[.]PHP backdoor to run commands from their remote server, giving them complete control of the site. They thus gain control over the domain while their credit card skimmers are deployed on the sites.
In one recent case, the Magecart attackers injected 19 malicious backdoors into a single online store.
Researchers discourage everyone from using Magento 1, since Adobe has not supported the software for about a couple of years. Sites that still use this outdated platform face a substantial risk of attack, which jeopardizes their critical data.
The objective of the Magecart attackers is to steal the credit card details, full names, numbers, shipping addresses, email addresses, and other information that online shoppers must provide to purchase products online.
E-commerce stores should not run outdated software, since carefully planned attacks against it can be carried out with little effort at any time. Experts advise users to upgrade their stores to the latest platforms, patch their systems constantly, and run a complete scan for unwanted entities.
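
One part of such a scan, as an added example that is not from the researchers or the original report: list the hosts a saved storefront page loads scripts from, and flag the skimmer domain named above as well as any host outside an allowlist. The allowlist, the store hostname `shop.example`, the sample page and all function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Skimmer domain named in the report, stored defanged and refanged here.
KNOWN_BAD = {"naturalfreshmall[.]com".replace("[.]", ".")}
# Assumption: hosts this hypothetical store legitimately loads scripts from.
ALLOWED = {"shop.example", "cdn.shop.example"}

class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())

def script_host(src, page_host):
    """Host a script loads from; relative URLs resolve to the page host."""
    host = urlparse(src).hostname  # also handles //host/path URLs
    return (host or page_host).lower().rstrip(".")

def matches(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_page(html, page_host):
    """Return (src, verdict) for every script that is not allowlisted."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        host = script_host(src, page_host)
        if matches(host, KNOWN_BAD):
            findings.append((src, "known-skimmer-domain"))
        elif host not in ALLOWED:
            findings.append((src, "unlisted-host"))
    return findings

# Constructed sample page, not taken from a real store.
SAMPLE = """<script src="/js/checkout.js"></script>
<script src="//cdn.shop.example/lib.js"></script>
<script src="https://NaturalFreshMall[.]com/x.js"></script>
<script src="https://stats.unknown.example/t.js"></script>""".replace("[.]", ".")

if __name__ == "__main__":
    print(audit_page(SAMPLE, "shop.example"))
```

This check covers only scripts loaded by URL. Inline script bodies and server-side files such as added backdoors need a separate review of the page source and the web root.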