This article originally appeared in Information Security Buzz on September 4, 2018.
7,339 Magento stores have been found to contain malware that collects payment card data, according to security researcher Willem de Groot, who says it is the most successful infiltration campaign to date.
Devon Merchant, Digital Security and Operations Manager at The Media Trust:
“Magento is an open source platform and for this reason is also a favorite target of bad actors. This latest attack was likely carried out through password guessing and exploited vulnerabilities in Magento servers that allowed hackers to take over vulnerable websites and create a malware backdoor to periodically inject malicious script. The vulnerabilities might lie in the web application source code, enabling bad actors to manipulate the code and inject rogue script into the HTML template. The script then logs keystrokes and sends them to a command-and-control server. Website owners using the platform should take a more proactive approach to securing their sites. Given the sophistication of malicious campaigns, they should work closely with their third-party code providers on cleaning up their digital ecosystem. Moreover, they should continuously scan these sites for any unauthorized actors and activities.”