Magento webshop Automated Magecart Campaign Hits Over 960 Breached Stores

A large-scale payment card skimming campaign that successfully breached 962 e-commerce stores was discovered today by Magento security research company Sanguine Security.

The campaign seems to be automated according to Sanguine Security researcher Willem de Groot who told BleepingComputer that the card skimming script was added within a 24-hour timeframe. “It would be nearly impossible to breach 960+ stores manually in such a short time,” he added.

Even though no information on how such automated Magecart attacks against e-commerce websites would work was shared by Sanguine Security, the procedure would most likely entail scanning for and exploiting security flaws in the stores’ software platform.

“Have not gotten confirmation yet, but it seems that several victims were missing patches against PHP object injection exploits,” also said de Groot.

While details on how the online stores were breached are still scarce given that the logs are still being analyzed, the JavaScript-based payment data skimmer script was decoded and uploaded by the security company to GitHub Gist.

As shown from its source code, the skimmer was used by the attackers to collect e-commerce customers’ payment info on breached stores, including full credit card data, names, phones, and addresses.

Source: Automated Magecart Campaign Hits Over 960 Breached Stores