The e-commerce security company Sansec has shared its analysis of an ongoing attack targeting Magento websites. Magento is an e-commerce platform from the software giant Adobe. The ongoing MageCart attacks exploit flaws in an old version of the platform.
Flawed Quickview plugin leak in action
It is possible to extract important data with MageCart attacks, even the payment details
Sansec has detected more than 500 breached stores running the Magento 1 platform. All of those websites are victims of payment skimmer malware loaded from the domain naturalfreshmall.com.
The attackers used a combination of SQL injection and PHP object injection, exploiting a vulnerability in the Quickview plugin to gain control of the Magento stores. After gaining access to the target websites, they injected 19 backdoors and extracted payment details, a pattern known as a MageCart attack.
The Magento 1 platform is no longer supported by Adobe as of June 2020. However, many websites still run the unsupported platform, which carries security risks and results in breaches. Magento website owners and administrators can check their version with the following command:
bin/magento --version
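
The bin/magento tool ships with Magento 2 only, while a Magento 1 tree keeps its version in app/Mage.php. The script below is an added example, not Sansec's or Adobe's tooling: it classifies a web root and lists files that mention the skimmer domain from the report. The function names, the sample tree and the footer.phtml file are constructed for illustration, and the parser assumes the usual Mage::getVersionInfo() array layout.

```shell
#!/bin/sh
# Added example (not Sansec's or Adobe's tooling): triage one Magento web root.
SKIMMER_DOMAIN="naturalfreshmall.com"   # skimmer host named in the report above

# Print "1 <version>" for Magento 1, "2" for Magento 2, else "unknown".
magento_generation() {
    if [ -f "$1/app/Mage.php" ]; then
        # Magento 1 has no bin/magento; read the Mage::getVersionInfo() array
        # (assumed layout: one 'key' => 'value' pair per line).
        ver=$(awk -F"'" '$2 ~ /^(major|minor|revision|patch)$/ && $4 ~ /^[0-9]+$/ {
                  printf "%s%s", sep, $4; sep = "." }' "$1/app/Mage.php")
        echo "1 ${ver:-unknown}"
    elif [ -f "$1/bin/magento" ]; then
        echo "2"
    else
        echo "unknown"
    fi
}

# List files under $1 that mention the skimmer domain (fixed-string match).
skimmer_refs() {
    grep -rlF -- "$SKIMMER_DOMAIN" "$1" 2>/dev/null || true
}

# Report on $1; return 1 if it is Magento 1 or references the skimmer domain.
audit_root() {
    gen=$(magento_generation "$1"); refs=$(skimmer_refs "$1"); rc=0
    echo "generation: $gen"
    case $gen in 1*) echo "unsupported Magento 1 install"; rc=1 ;; esac
    if [ -n "$refs" ]; then echo "skimmer domain referenced in:"; echo "$refs"; rc=1; fi
    return $rc
}

# Build a CONSTRUCTED Magento 1-like tree for testing; prints its path.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/app/design"
    printf "%s\n" "<?php" "return array(" "    'major'     => '1'," \
        "    'minor'     => '9'," "    'revision'  => '4'," \
        "    'patch'     => '5'," "    'stability' => ''," ");" > "$d/app/Mage.php"
    # Inert text that only mentions the domain, standing in for an injected tag.
    echo "<!-- loader: //$SKIMMER_DOMAIN/x -->" > "$d/app/design/footer.phtml"
    echo "$d"
}

# Usage: sh check.sh /path/to/webroot   (exit status 1 means findings)
if [ $# -gt 0 ]; then audit_root "$1"; fi
```

A clean file scan does not clear a store on its own, since this check only covers files under the web root and not database content.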