- Aug 30, 2012
- 6,598
Over 100 online stores have been compromised with a new type of web malware called Magecart that secretly logs data entered on checkout pages and sends it to the attacker's server.
First signs of this malware appeared in March 2016, but activity started to pick up in May when the first infections started to take root at high-profile online stores.
By the end of June 2016, Sucuri had stumbled upon a variant of Magecart, of which Softpedia reported as targeting Magento stores that used the Braintree Magento extension to support payments via the Braintree platform.
Magecart can target multiple e-commerce CMS platforms
In reality, this was only one facet of the Magecart attack, which companies such as ClearSky and RiskIQ continued to track across multiple online shopping platforms and infections.
The two say that, since March, the group behind the Magecart campaign have improved their capabilities, refining their malicious scripts in order to work across platforms such as Magento, OpenCart, and the Powerfront CMS.
The malware is nothing more than a JavaScript file added to a compromised site's source code. This usually happens when the attacker exploits a vulnerability in the CMS platform or the server itself. Once the attacker has access to the CMS platform or the underlying server, he adds his malicious code to the sites' source code.
Full article
First signs of this malware appeared in March 2016, but activity started to pick up in May when the first infections started to take root at high-profile online stores.
By the end of June 2016, Sucuri had stumbled upon a variant of Magecart, of which Softpedia reported as targeting Magento stores that used the Braintree Magento extension to support payments via the Braintree platform.
Magecart can target multiple e-commerce CMS platforms
In reality, this was only one facet of the Magecart attack, which companies such as ClearSky and RiskIQ continued to track across multiple online shopping platforms and infections.
The two say that, since March, the group behind the Magecart campaign have improved their capabilities, refining their malicious scripts in order to work across platforms such as Magento, OpenCart, and the Powerfront CMS.
The malware is nothing more than a JavaScript file added to a compromised site's source code. This usually happens when the attacker exploits a vulnerability in the CMS platform or the server itself. Once the attacker has access to the CMS platform or the underlying server, he adds his malicious code to the sites' source code.
Full article
