MageCart assaults are back, this time aimed at hundreds of out-of-date ecommerce websites

A credit card skimmer attack known as MageCart has been launched against hundreds of eCommerce websites running an out-of-date and unsupported platform.

Sansec researchers originally discovered 374 infections, all occurring on the same day and with the same malware. Subsequent examination revealed that the total number of infected websites was in fact over 500.

As reported by Sansec, the malware was delivered to eCommerce websites running Magento 1, Adobe’s open-source eCommerce platform built in PHP, by way of the naturalfreshmall[.]com domain (which has since been deactivated). Magento 1 reached its announced end-of-life on June 30, 2020, which means it no longer gets regular security and usability upgrades, making it an attractive target for hackers.

Quickview vulnerability has been exploited

According to the researchers, the attackers took advantage of a previously discovered weakness in the Quickview plugin. The researchers believe this vulnerability enabled the attackers to create a Magento admin account with the maximum rights.

The attackers’ next step was to simply insert a credit card skimmer, with one of the compromised websites seeing the attackers inject 19 distinct backdoors, most likely in order to determine which one was the most effective.

The threat actors installed the malware using the domain naturalfreshmall[.]com, which is presently unavailable. Their purpose was to steal consumers’ credit card information from the targeted online retailers.
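For site owners who want to check their own storefront for the domain named above, the following is an added example, not code from Sansec or from the original article. It assumes the skimmer would show up as a script reference in the HTML the shop serves; the sample page and its paths are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicator from the article (defanged there, refanged here for matching).
IOC_DOMAINS = {"naturalfreshmall[.]com".replace("[.]", ".")}

# Constructed sample page; paths and markup are illustrative, not captured data.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="//NaturalFreshMall.com/example.js"></script>
<script>var s = "https://cdn.naturalfreshmall.com/example.js";</script>
</head></html>"""

class ScriptCollector(HTMLParser):
    """Collects external script hosts and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.hosts, self.inline, self._in_inline = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        # urlsplit copes with absolute and protocol-relative (//host/x.js) URLs.
        host = urlsplit(src.strip()).hostname if src else None
        if host:
            self.hosts.append(host.lower())
        self._in_inline = not src

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

    def handle_data(self, data):
        if self._in_inline:
            self.inline.append(data.lower())

def matches_ioc(host):
    """True for an IoC domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

def find_skimmer_refs(html):
    """Return sorted (kind, domain-or-host) findings for one HTML page."""
    parser = ScriptCollector()
    parser.feed(html)
    hits = {("script-src", h) for h in parser.hosts if matches_ioc(h)}
    hits |= {("inline-script", d) for d in IOC_DOMAINS
             if any(d in body for body in parser.inline)}
    return sorted(hits)
```

Run it over saved copies of the checkout and cart pages; an empty list only means this one indicator is absent, not that the site is clean.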

It is recommended that eCommerce website owners update their sites to the most recent version of Magento in order to ensure that their sites remain protected against these assaults.

MageCart is a term used interchangeably for both the credit card skimming malware itself and the groups that use it to steal credit card information. According to researchers, there are “dozens of subgroups” that make use of these skimmers.

Beyond credit card data, MageCart attackers are interested in getting mailing addresses, full names of the victims, phone numbers, email addresses, and any other information necessary to complete an online purchase.