E-commerce malware detection firm Sansec is tracking a surge in cyberattacks targeting Magento stores.
At least seven Magecart groups are injecting TrojanOrders at approximately 38% of Magento and Adobe Commerce websites in November. The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks. There is a big increase of active scanning for the file that contains the backdoor (health_check.php). This is a sign of attacker groups are trying to take over infected sites from other groups.
November is on track to see more Magento 2 template attack probes than the previous ten months combined. There is a big uptick in attacks using the mail template vulnerability in Magento 2 from February 2022 (CVE-2022-24086). Sansec estimates that at least a third of all Magento and Adobe Commerce stores have not been patched so far.