Magento stores hacked: deliver malware, steal card details and spread crypto-miners

Researchers from Flashpoint have announced that e-commerce websites of Magento have been hijacked by hackers. Over one thousand Magento sites have been influenced by cyber criminals. After the invasion, the websites started featuring malicious scripts which have multiple purposes. On one hand, scripts are designed to steal online shoppers’ credit card information. However, the hack also might allow crooks to install additional malware infections into devices. According to Flashpoint researchers, the hackers used brute-force attacks in order to hijack Magento websites.

Consequences of the attack against Magento sites

After hackers managed to get access to the Magento websites, specialists notice three specific trends. First of all, attackers tried to insert malicious code in Magento core files. Thanks to this modification, hackers would be able to retrieve online banking account information which is provided during the payment step of buying good from ecommerce services.

Magento sites hacked


In addition to that, the attackers decided to also distribute a crypto-miner. As you might have already heard, these infections are becoming more frequent, but companies are hoping to find ways how to put a stop to illegal crypto-mining. However, the attack against sites of Magento shows that crooks are not ready to let go of crypto-miners. In addition to the transmission, of crypto-miners, the hackers also decided to incorporate a third feature.

The compromised Magento websites were modified to automatically redirect visitors to malicious domains, possibly distributing malware into computers. Therefore, please be extremely careful when visiting unknown websites. Most of the deceptive ads, presented thru Magento websites, were using social engineering strategies.

If you have ever purchased software from any of the Magento sites, it is possible that hackers were able to get to your online banking account information. For your own safety, please change your passwords. Even after that, continue to monitor your banking account. If you notice any unknown activities, please contact your bank and make sure that it would never happen again. In addition to this, always keep your operating system updated to the latest version. Additionally, never interact with rogue online advertisements even if they do seem legitimate from the first glance.


Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Security Guides

Recent Comments