Crypto-Mining & Card-Stealing Malware Infecting Magento Sites

Over a thousand shops and websites using Magento have been infected with malware that steals credit card information and runs cryptocurrency mining software.

The administrative panel Magento currently boasts two versions: a free and open-source one, and an enterprise option that offers support and whose sole maintainer is Magento.

Over a thousand shops and e-commerce sites that run Magento have been targeted by cyber attacks, threat-assessment site Flashpoint states in its report. Flashpoint goes on to say that these attacks have gone “unabated”, and that interest in the platform on the Dark Web has been observable since 2016. Furthermore, the site’s analysts indicate that there may be even more websites at risk and that other Content Management Systems (CMS), such as OpenCart and Powerfront, are targeted as well. Flashpoint notes that the victims are primarily workers in the healthcare and education industries, and most of the targets’ IPs are clustered in Europe and the United States.

The Hackers’ Method

The hackers set up scripts that perform a series of brute-force attacks on the targeted sites. These brute-force attacks use common and default Magento credentials. As per Flashpoint’s report, these attacks are most successful when users do not change their passwords after the first log-in to the platform.
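On the defender's side, this kind of credential guessing shows up in the web server's access log as a burst of login POSTs from one address. The following is an added example, not code from Flashpoint or Magento: it flags such bursts in combined-format log lines, and the admin path, the threshold, the 60-second window and the reading of a redirect as an accepted login are all assumptions to adjust per deployment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: the admin login is served at this path; adjust to the deployment.
ADMIN_LOGIN = re.compile(r"^/(index\.php/)?admin/?(\?|$)")
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"peak": n, "redirect_after_burst": bool}} for flagged IPs."""
    recent = defaultdict(deque)  # ip -> timestamps of login POSTs inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or not ADMIN_LOGIN.match(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(m["ip"], {"peak": 0, "redirect_after_burst": False})
            entry["peak"] = max(entry["peak"], len(q))
        # Assumption: a 3xx answer to a login POST means the login was accepted.
        if m["ip"] in flagged and m["status"].startswith("3"):
            flagged[m["ip"]]["redirect_after_burst"] = True
    return flagged

def _line(ip, sec, method, path, status):
    return f'{ip} - - [02/Apr/2018:10:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample input (documentation IP ranges), not real traffic.
SAMPLE = [_line("203.0.113.7", s, "POST", "/index.php/admin/", 200) for s in range(1, 6)]
SAMPLE += [
    _line("203.0.113.7", 6, "POST", "/index.php/admin/", 302),
    _line("198.51.100.20", 10, "POST", "/index.php/admin/", 200),
    _line("192.0.2.5", 12, "GET", "/index.php/admin/", 200),
    _line("198.51.100.20", 40, "POST", "/index.php/admin/", 302),
]

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE).items():
        print(ip, info)
```

An address flagged with `redirect_after_burst` set is the case to triage first, since it suggests the guessing ended in an accepted login.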

Once the hackers have gained access to the CMS, they are able to add scripts of any nature they wish. In these cases, the code that the hackers injected into the program allows them access to pages that process payment information. POST requests coming from the servers that contain sensitive information are then redirected to the hacker.

Upon visiting an exposed site, the end user is offered a fake update to Adobe Flash Player. If the malicious link is clicked, the script then installs malware from the attacker’s repositories, which are often stored on websites like GitHub. One piece of malware that may be installed this way is the trojan AZORult, which not only mines and stores data, but also downloads a cryptocurrency miner for Rarog.

Unfortunately, the hackers have successfully stayed under the radar since 2016 because they update their malware daily. This practice allows them to evade detection software, which relies on signature and behavior patterns.

Mitigating Measures

Flashpoint is working together with law enforcement to warn victims of the dangers they have been exposed to. Moreover, threat-assessment analysts suggest a series of steps to improve “password-hygiene” and to minimize the negative outcome of these attacks. They advise companies to set up requirements for complex passwords, while also strongly discouraging employees from reusing old passwords. Two-factor authentication, especially for sensitive databases and systems, has also been proposed.

While a patch to improve Magento’s security is highly desirable at this point, the developers have not yet released a statement about such plans.
