Hackers stole payment data from Costway’s website and other compromised Magento 1 websites using e-commerce credit-card skimmers.
One skimmer injects fake forms into an affected website while the other one collects credit-card details. Fortunately, this exploit only runs on outdated Magento 1 e-commerce software. Magento developers urged every customer to update to their latest software version.
“A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized. […] Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.”
Malwarebytes
Researchers at Malwarebytes identified French, UK, German, and Spanish Costway portals affected by these skimmers. The potential risk is massive, as only the French portal had over 180,000 visitors in December. The website’s payment form was collecting every buyer’s payment details.
Check the source.
Read More
- 85K MySQL Servers were hit by PLEASE_READ_ME RansomwareChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- The new Silver Sparrow malware infected 30,000 MacsChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Investment Scammers try to trick Dating App UsersChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- LodaRAT Windows Malware affects Android DevicesChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
- Cyberpunk 2077 Publishers has suffered a ransomware attackChrome, Firefox and Edge browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.