Outdated Magneto 1 Witnessed Credit Card Skimming Threats

February 5, 2021 admin OSINT, Security, threatintel

Click the icon to Follow me:-

Magento is an open-source code e-commerce site that supplies online traders with a scalable shopping cart system, and managing their online store’s layout, content, and features. Lately, threat actors began leveraging a flaw in the ‘Magento 1’ branch that has not been managed any longer in the fall of 2020.

AMD Ryzen 9 3900X 12-core, 24-thread unlocked desktop processor with Wraith Prism LED Cooler $484.00

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more

(as of February 28, 2021 - )

AMD Ryzen 5 5600X 6-core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler ~~$389.99~~ $377.10

AMD's fastest 6 core processor for mainstream desktop, with 12 processing threads Can deliver elite 100+ FPS performance in the world's most popular games Bundled with the quiet, capable AMD Wraith Stealth cooler 4.6 GHz Max Boost, unlocked for overc... read more

(as of February 28, 2021 - )

AMD Ryzen 5 2600 Processor with Wraith Stealth Cooler - YD2600BBAFBOX ~~$199.00~~ $189.99

System ram type: DDR4_sdram

(as of February 28, 2021 - )

Thousands of retailers worldwide on the platform are encouraged to upgrade the mobile version to ‘Magento 2’, as thousands of e-commerce shops were hacked with the credit card skimming code infecting all of them. During the tracking of events related to the ‘Magento 1’ initiative, observably, an e-commerce shop was attacked twice by skimmers.

In this particular incident, the threat actors devised a copy of their writings that is well-known to places that were already injected by the Magento 1 skimmer. The second skimmer will now actually collect the credit card data from the pre-existing fake form which were previously injected by the actors.

“A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized,” as stated by the researcher at Malwarebytes. He further added that “Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.”

The end-of-life of Magento 1, paired with a famous feat, was an immense blessing for the actors at risk. Many pages were indiscriminately compromised merely because they were weak. RiskIQ has allocated these cases to Magecart Group 12, which uses diverse tactics including chain threats with a long history of web skimming.

On the payment websites of Costway, one of the leading retailers in North America and Europe, two web skimmers have been found selling appliances, furniture, etc. The skimmers seek to provide payment information with consumers’ credit card. “Our crawlers identified that the websites for Costway France, U.K., Germany, and Spain, which run the Magento 1 software, had been compromised around the same time frame,” said researchers.

On the Costway check-out page, the researchers noticed the credit card skimmer injection, which stands out in English while the majority of the platform is in French. This is no surprise considering the automated and very indiscriminate Magento 1 hacking campaign.

The threat to victims is huge, as scientists claim that just in December 2020, Costway’s French portal (Costway[.]fr) received approximately 180K tourists. There is also a second skimmer (loaded from the securityxx[.]top externally) on the web which targets the skimmer of Magento 1.

Many Magento 1 websites have been compromised, but they are not monetized yet. Additional attacks would certainly continue to inject their own malicious code.

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.