Notorious online credit card theft group Magecart has amassed a large number of previously unpublished security flaws in extensions to popular e-commerce platform Magento, and is using them to inject hidden credit card stealers on legitimate checkout pages.
That’s according to security consultant and malware hunter Willem de Groot, who has closely tracked the group – believed to be responsible for a wide range of attacks including the recent British Airways and Ticketmaster hacks.
Now he is calling for help to identify some of the vendors affected, based on extension URLs he has identified in the wild. (These include extensions to Magento that allow stores to manage discounts in bundles; with a 300,000-strong developer community, Magento offers plenty of customisations.)
He told Computer Business Review: “These URLs are used by a hacker to find specific shop extensions, that are vulnerable to a specific attack. I want to inform all the affected vendors so they can release fixed versions, but I can’t identify all the vendors, just based on the URLs, so I’ve asked for help…”
He added: “[E-commerce platform] Magento replaced most of the vulnerable functions by json_decode() in patch 8788, but many of its popular extensions did not.”
“It appears that attackers have amassed a large number of extensions and found numerous POI vulnerabilities. And they are now probing Magento stores in the wild for these extensions. I collected the following probes. If you are running any of them, you’d better disable them quickly and search your logs for unauthorized activity.”
For the list of probes, see here.
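The change de Groot describes, replacing the vulnerable functions with json_decode(), can be seen in a small added example that is not from the article, Magento or any extension. It assumes the replaced function is PHP's unserialize(), the usual source of PHP object injection (POI), and PHP 7.4 or later; the class and handler names are hypothetical.

```php
<?php
// Added illustration; CacheFile and the handler names are hypothetical,
// not Magento or extension code.

// Stand-in for any class the application already loads whose destructor has a side effect.
final class CacheFile
{
    public static array $removed = [];  // records what a real destructor would have deleted
    public string $path = '';

    public function __destruct()
    {
        self::$removed[] = $this->path;  // a real class might call unlink($this->path) here
    }
}

// "Before": the parameter goes to unserialize(), so the sender chooses which
// class is instantiated and what its properties contain.
function handle_with_unserialize(string $param): array
{
    CacheFile::$removed = [];
    $value = unserialize($param);
    unset($value);                       // freeing the object runs __destruct()
    return CacheFile::$removed;
}

// "After": json_decode() can only produce scalars, arrays and stdClass, so no
// application class is constructed and no magic method fires.
function handle_with_json_decode(string $param): array
{
    CacheFile::$removed = [];
    $value = json_decode($param, true);
    unset($value);
    return CacheFile::$removed;
}

// Constructed sample input, built with serialize() so it matches the class above.
$sample = new CacheFile();
$sample->path = 'constructed-example.tmp';
$serialized = serialize($sample);
unset($sample);

var_dump(handle_with_unserialize($serialized));   // destructor ran with sender-chosen data
var_dump(handle_with_json_decode($serialized));   // not valid JSON, nothing instantiated
var_dump(handle_with_json_decode('{"path":"constructed-example.tmp"}')); // plain data only
```

An extension that still passes request data to unserialize() keeps the first behaviour even on a patched Magento core, which is why the extensions need their own fixed releases.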
This article is from the CBROnline archive: some formatting and images may not be present.