A form of malware has been uncovered on Magento-based online shops. The operation works by card-skimming, which allows hackers to gather payment card information as it is being entered on Magento-based sites.
According to security researcher Willem de Groot, nearly 7500 sites were affected by the operation. The malware scam has affected Magento stores over the past six months, and sites have taken around two weeks to return to normal function.
Hackers have been hijacking between 50 and 60 new stores every day in the last two weeks, with no sign of this scam slowing down.
How does the scam work?
The initial compromise could have happened either through Magento security holes or through compromised accounts accessed via malware or brute force.
The data is intercepted whilst still in the browser, so the hackers do not have to look through databases of information. It is then uploaded to a server that is controlled by the hackers.
How to protect your site
If you’re running a Magento-based site, you should check immediately to see if you have been affected.
If the malware skimmer is found in your store, you should look for access points, backdoor access logs and any unauthorised changes or uploads made. Close any areas of unauthorised access and revert to a certified safe copy of the codebase.
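One way to find unauthorised changes or uploads is to hash every file in the live store and compare it against the safe copy of the codebase. The script below is an added example, not part of the original article; the function names and the small sample trees are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map every file under root (relative path) to a SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):  # record the target, never follow it
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare(clean_root, live_root):
    """List files added, modified or removed relative to the safe copy."""
    clean, live = manifest(clean_root), manifest(live_root)
    common = clean.keys() & live.keys()
    return {
        "added": sorted(live.keys() - clean.keys()),
        "modified": sorted(p for p in common if clean[p] != live[p]),
        "removed": sorted(clean.keys() - live.keys()),
    }

def demo():
    """Run the comparison on two small constructed trees (not real data)."""
    safe = {"index.php": b"<?php // entry\n",
            "app/footer.phtml": b"<footer>shop</footer>\n"}
    live = dict(safe)
    live["app/footer.phtml"] += b"<!-- constructed: injected line -->\n"
    live["media/upload.php"] = b"<?php // constructed: unexpected upload\n"
    with tempfile.TemporaryDirectory() as base:
        for tree, files in (("safe", safe), ("live", live)):
            for rel, data in files.items():
                path = os.path.join(base, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare(os.path.join(base, "safe"), os.path.join(base, "live"))

if __name__ == "__main__":
    print(demo())
```

On a real store, call `compare()` with the path to the safe copy and the path to the live document root; files that legitimately differ, such as caches and customer uploads, will also be listed and need reviewing by hand.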
Always make sure that you run security updates and patches, as well as using multi-factor authentication on all of your account logins.
Hyve offer Magento hosting, supported by our expert team of Magento engineers. We can offer full support for Magento sites, including patching and monitoring to ensure your store is secure and up-to-date.