MagnetoCore Malware

By   ISBuzz Team
Writer , Information Security Buzz | Sep 04, 2018 05:17 am PST

7,339 Magento stores has been found to have malware that collects payment card data according to security researcher William de Groot who says it is the most successful infiltration campaign to date.

Devon Merchant, Digital Security and Operations Manager at The Media Trust:

“Magento is an open source platform and for this reason is also a favorite target of bad actors. This latest attack was likely carried out through password guessing and exploited vulnerabilities in Magento servers that allowed hackers to take over vulnerable websites and create a malware backdoor to periodically inject malicious script. The vulnerabilities might lie in the web application source code, enabling bad actors to manipulate the code and inject rogue script into the HTML template. The script then logs keystrokes and sends them to a command-and-control server.  Website owners using the platform should take a more proactive approach to securing their sites. Given the sophistication of malicious campaigns, they should work closely with their third-party code providers on cleaning up their digital ecosystem. Moreover, they should continuously scan these sites for any unauthorized actors and activities.”

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x