Hundreds of online stores hacked in new campaign

216.73.217.80

Hundreds of online stores hacked in new campaign

· Published 23/08/2024 09:06 · Modified 23/08/2024 09:30

Essential information

Published: 23/08/2024 09:06
Modified: 23/08/2024 09:30
Tags: 2024-08-23 e-commerce fraud injection magento payment skimming
Related entities: 15 observables, 5 techniques (mitre), 1 others

Description

A cybersecurity report details a malware campaign targeting numerous e-commerce websites running the popular Magento platform. Threat actors exploited a vulnerability to inject malicious code that skims payment data from online shoppers during checkout. The skimmer code is loaded from attacker-controlled domains, enabling criminals to harvest credit card numbers, expiration dates, and CVVs in real-time. Over a thousand unique theft attempts were detected, affecting hundreds of compromised stores. Retailers and shoppers should remain vigilant and use reputable security solutions to mitigate such threats.

External references

https://www.malwarebytes.com/blog/news/2024/08/hundreds-of-online-stores-hacked-in-new-campaign
https://otx.alienvault.com/pulse/66c851335edada0eac344044