Volusion is a privately-held technology company that provides
Hackers have compromised the infrastructure of Volusion and are distributing malicious software skimmers to steal payment card data provided by users. Experts report more than 6,500 stores have been hacked, but they believe that tens of thousands of e-commerce platforms may have been compromised.
The discovery was made by Check Point security researcher Marcel Afrahim, who shared his findings in a blog post on Medium.
The experts initially noticed that the Sesame Street Live online store was compromised. The store is built with Volusion’s All-in-One E-commerce Website Builder, and its name servers are maintained by Volusion.
While analyzing the checkout page the expert noticed that all the resources are
This suggests that hackers gained access to
The compromised script was located at https://storage.googleapis.com/volusionapi/resources.js and is loaded on Volusion-based online stores via the /a/j/
“At its core, the additional code consists of two sections. The first section is reading the values entered
Who is behind the attack?
The attackers’ TTPs suggest the involvement of one of the Magecart groups, which have previously used public cloud storage to host their malicious scripts.
In a report recently published by RiskIQ, the experts estimated that the group has impacted millions of users.
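Because the skimmer described above was served from a public cloud storage URL, store operators can audit which scripts a checkout page pulls from other hosts and whether they are pinned with Subresource Integrity. The following check is an added example, not code from the researcher's write-up; the host watch list, the `shop.example` store and the sample HTML are constructed assumptions, and it inspects only `<script>` tags present in the HTML, not scripts injected at runtime.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed watch list; only storage.googleapis.com comes from the article.
STORAGE_HOSTS = ("storage.googleapis.com", "s3.amazonaws.com", "blob.core.windows.net")


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))


def audit_scripts(page_url, html):
    """Return one finding per script served from a host other than the page's."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        full = urljoin(page_url, src)  # resolves relative and protocol-relative URLs
        host = urlparse(full).hostname or ""
        if host == page_host:
            continue  # first-party script, out of scope for this check
        findings.append({
            "url": full,
            "cloud_storage": any(host == s or host.endswith("." + s) for s in STORAGE_HOSTS),
            "has_sri": bool(integrity),  # an SRI hash makes a modified file fail to load
        })
    return findings


# Constructed sample checkout page (shop.example is a placeholder store).
SAMPLE_HTML = """
<script src="/js/site.js"></script>
<script src="https://storage.googleapis.com/volusionapi/resources.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-PLACEHOLDER"></script>
"""

if __name__ == "__main__":
    for finding in audit_scripts("https://shop.example/checkout", SAMPLE_HTML):
        print(finding)
```

Findings with `cloud_storage` true and `has_sri` false are the ones to review first, since a change to the hosted file would reach shoppers unchecked.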