New Ecommerce Exploit Affects WooCommerce, Shopify, Magento
Magecart style exploit affecting multiple ecommerce platforms to steal credit card information and infect other sites
Brought to you by Trickyenough
A serious hacking attack has been exploiting ecommerce websites to steal credit card information from users and to spread the attack to other websites.
Brought to you by Trickyenough
These hacking attacks are called Magecart style skimmer and it’s spreading worldwide across multiple ecommerce platforms.
Brought to you by Trickyenough
– Magento
– Shopify
– WooCommerce
– WordPress
Attackers are targeting a variety of ecommerce platforms:
Brought to you by Trickyenough
The attackers have two goals when infecting a website:
1. Use the site to spread itself to other sites
2. Steal personal information like credit card data from customers of the infected website.
Brought to you by Trickyenough
Identifying a vulnerability is difficult because the code dropped on a website is encoded and sometimes masked as a Google Tag or a Facebook Pixel code.
Brought to you by Trickyenough
What the code does however is target input forms for credit card information.
It also serves as an intermediary to carry out attacks on behalf of the attacker, thus covering up the true source of the attacks.