Security experts at Aite Group and Arxan Technologies have discovered that Magecart hackers continue to target online stores to steal credit card data, in recent operations, they have compromised 80 more eCommerce sites.
All of these websites were running an outdated version of Magento which is vulnerable to
“New research conducted by
Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to steal payment card data on, but they are quite different from each other.
According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated.
According to experts, the 80 eCommerce sites were not hacked by a single group of Magecart hackers.
The researchers used a source
“What was uncovered in this research is e-commerce websites’ systemic lack of in-app protection to secure their web forms and the failure of endpoint security solutions on the client side to protect consumers against this pervasive threat.”
Many of the sites compromised by Magecart are running version 1.5, 1.7, or 1.9 that are known to be vulnerable to arbitrary file upload, remote code execution, and cross-site request forgery vulnerabilities. These flaws could be exploited by threat actors to inject the
The researchers reported their findings to federal law enforcement and are notifying all affected organizations. Because the investigation is still ongoing, experts have decided not to name the victim sites.
The researchers also focused their analysis on the methods used by Magecart groups to monetize their efforts. Once obtained the credit card data the hackers sell them on the dark web forums, they also purchase merchandise on legitimate online shopping sites and ship them to pre-selected merchandise mules in an attempt to launder the fraudulent transactions.
“The attacker has the purchased items shipped to their merchandise mules. To recruit merchandise mules, the attacker posts jobs that offer people the ability to work from home and earn large sums of money to receive and reship merchandise purchased with the stolen credit card numbers.” continues the report.
Let me suggest to read the report that also includes solutions proposed by the experts to secure the eCommerce sites.