Hackers stole payment data from Costway’s website and other compromised Magento 1 websites using e-commerce credit-card skimmers.
One skimmer injects fake forms into an affected website while the other one collects credit-card details. Fortunately, this exploit only runs on outdated Magento 1 e-commerce software. Magento developers urged every customer to update to their latest software version.
“A large number of Magento 1 sites have been hacked but yet are not necessarily being monetized. […] Other threat actors that want access will undoubtedly attempt to inject their own malicious code. When that happens, we see criminals trying to access the same resources and sometimes fighting with one another.”
Malwarebytes
Researchers at Malwarebytes identified French, UK, German, and Spanish Costway portals affected by these skimmers. The potential risk is massive, as only the French portal had over 180,000 visitors in December. The website’s payment form was collecting every buyer’s payment details.
Check the source.
Read More
- Fresh COVID-19 Phish: Cybercrooks Impersonate Pfizer In Request For Quotation ScamBad guys exploiting the COVID-19 pandemic is nothing new under the sun. However, the newest highly-targeted phishing campaign impersonating […]
- Ransomware Attack Hits McMenamins; 2,700 Employee Records Potentially LeakedA recent attack targeted McMenamins, a popular family-run chain of hotels, restaurants, and breweries. The company is still experiencing […]
- The Number Of Double-Extortion Ransomware Victims Sees Massive 935% Increase In 2021A jaw-dropping three-digit spike in the number of companies hit with double-extortion ransomware attacks, most likely due to easy […]
- Cybercrooks Aiming To Take Over 1.6M WordPress Sites In Active AttackThreat actors are actively exploiting security flaws in four plugins and Epsilon themes to assign themselves administrative accounts and […]
- Cuba Ransomware Group Raked In $44M In Payouts, The FBI SaysThe Cuba ransomware gang is a wide range of tools and malware to launch and conduct attacks targeting organizations […]
