Hackers stole payment data from Costway’s website and other compromised Magento 1 websites using e-commerce credit-card skimmers.
One skimmer injects fake forms into an affected website while the other one collects credit-card details. Fortunately, this exploit only runs on outdated Magento 1 e-commerce software. Magento developers urged every customer to update to their latest software version.
“A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized. […] Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.”
Malwarebytes
Researchers at Malwarebytes identified French, UK, German, and Spanish Costway portals affected by these skimmers. The potential risk is massive, as only the French portal had over 180,000 visitors in December. The website’s payment form was collecting every buyer’s payment details.
Check the source.
Read More
- H0lyGh0st Ransomware After Small and Midsize BusinessesMicrosoft has linked H0lyGh0st, a cyberthreat that emerged in June 2021 and targets small-to-midsized businesses, to North Korean state-sponsored […]
- Popular NFT Marketplace Ravaged by $540M Phishing SchemeIn March, a North Korean APT netted $540 million thanks to a massive phishing operation carried out on the […]
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]
