Crypto-Mining & Card-Stealing Malware Infecting Magento Sites

Over a thousand shops and websites using Magento have been infected with malware that steals credit card information and runs cryptocurrency mining software.

The administrative panel Magento currently boasts two versions: a free and open-source one, and an enterprise option that offers support and whose sole maintainer is Magento.

Over a thousand shops and e-commerce sites that run Magento have been targeted by cyber attacks, threat-assessment site Flashpoint states in their report. Flashpoint goes on to say that these attacks have gone “unabated”, and interests for the platform on the Dark Web has been observable since 2016. Furthermore, the site’s analysts indicate that there may be even more websites at risk and that other Content Management Systems (CMS), such as OpenCart and Powerfront, are targeted as well. Flashpoint notes that the victims are primarily workers in the healthcare and education industries, and most of the targets’ IPs are clustered in Europe and the United States.

The Hackers’ Method

The hackers set up scripts perform a series of brute-force attacks on the targeted sites. These brute-force attacks utilize commonly used and default Magento credential information. As per Flashpoint’s report, these attacks are most successful when users do not change the passwords after the first log-in onto the platform.

Once the hackers have gained access to the CMS, they are able to add scripts of any nature they wish. In these cases, the code that the hackers injected into the program allows them access to pages that process payment information. Then, POST requests coming from the servers that contain sensitive information are then redirected to the hacker.

Upon visiting an exposed site, the end user is offered a fake update to Adobe Flash Player. If the malicious link is clicked, the script then installs malware from the attacker’s repositories, which are often stored on websites like GitHub. One such potentially installed malware is the trojan AZORult, which not only mines and stores data, but also downloads a cryptocurrency miner for Rarog.

Unfortunately, hackers have successfully stayed under the radar since 2016 due to the fact that they provide their malware with daily updates. This practice allows them to avoid detection software, as these function based on signature and behavior patterns.

Mitigating Measures

Flashpoint is working together with law enforcement to warn victims of the dangers they have been exposed to. Moreover, threat-assessment analysts suggest a series of steps to improve “password-hygiene” and to minimize the negative outcome of these attacks. They advise companies to set up requirements for complex passwords, while also strongly discouraging employees from reusing old passwords. Two-factor authentication, especially for sensitive databases and systems, has also been proposed.

While a patch to improve Magento’s security is highly desirable at this point, the developers have not yet released a statement for such plans.

Ali Raza
Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.

More from author

Notify of
Inline Feedbacks
View all comments

Related posts


Latest posts

7 Best Work from Home Apps for Moms

Being a mom is a job in itself. Between taking care of the kids, keeping up with household chores, and trying to squeeze in...

Top 9 Ways Technology is Helping Global Trade

If you are in a global business, utilizing technology is a surefire way of growing your business and increasing your customer base. Today, you...

7 Ways Technology Is Going To Transform Lead Generation

 In the ever-growing world of digital marketing, the ability to generate quality leads remains the most important ROI driver. Both inbound and outbound lead...