
Magecart Exploits Extensions Used in Magento E-Commerce Platform

23 - 30 October 2018

The adaptive Magecart group continues to devise new methods for injecting its skimmer script into online retail stores. The hackers have been targeting at least 20 vulnerable extensions used in the Magento e-commerce platform, abusing the PHP unserialize() function to inject the payment card skimmer. To maximise its exploitation effort, the group also deploys a fake payment page to collect payment card details if a targeted site uses PayPal or Skype to handle card payments. The current campaign has a mass-exploitation effect because the hacked extensions are used in many online stores. Magecart has previously targeted widely used third-party software, such as chat widgets and web analytics, to inject its skimmer, and has used look-alike domain names with SSL certificates for communicating with its C&C.
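For store owners auditing installed extensions, the sketch below flags `unserialize()` calls in PHP source and ranks them by whether request data reaches the call. It is an added example, not code from this brief or the referenced research; the source-pattern list and the PHP sample are constructed assumptions, and the ranking goes slightly beyond what the brief describes.

```python
import re

# Attacker-controlled sources (assumed list): superglobals, Magento request accessors.
TAINTED = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
                     r"|getRequest\(\)\s*->\s*get(?:Param|Post|Cookie)\b")
# PHP 7+ option that stops unserialize() from instantiating objects.
SAFE_OPTION = re.compile(r"['\"]allowed_classes['\"]\s*=>\s*false", re.I)
# The global function only, not ->unserialize() or ::unserialize() methods.
CALL = re.compile(r"(?<![\w>$:])unserialize\s*\(", re.I)

# Constructed sample, not taken from any real extension.
SAMPLE = r'''<?php
// hypothetical controller code
$filters = unserialize(base64_decode($_POST['filters']));
$cfg = unserialize($cached, ['allowed_classes' => false]);
$rows = unserialize(file_get_contents($path));
$opts = json_decode($this->getRequest()->getParam('opts'), true);
'''

def call_args(src, open_idx):
    """Return the text inside the parentheses that open at open_idx."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced source: take the remainder

def audit_unserialize(src):
    """Return (line, risk, arguments) for each unserialize() call in src."""
    findings = []
    for m in CALL.finditer(src):
        args = call_args(src, m.end() - 1)
        line = src.count("\n", 0, m.start()) + 1
        if SAFE_OPTION.search(args):
            risk = "restricted"   # object instantiation disabled
        elif TAINTED.search(args):
            risk = "high"         # request data reaches unserialize()
        else:
            risk = "review"       # trace where the argument comes from
        findings.append((line, risk, args.strip()))
    return findings

if __name__ == "__main__":
    for line, risk, args in audit_unserialize(SAMPLE):
        print(f"line {line}: {risk:10} unserialize({args})")
```

The parenthesis matching does not account for parentheses inside PHP string literals, so treat the output as a triage list for manual review rather than a verdict.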

References:
[1] Multiple 0days Used by Magecart
