Contact Contact Us

Magecart Exploits Extensions Used in Magento E-Commerce Platform

The adaptive Magecart group continues to devise new methods for injecting its skimmer script at online retail stores. The hackers have been targeting at least 20 vulnerable extensions used in the Magento e-commerce platform by abusing the PHP unserialize() function to inject the payment card skimmer. The group also seeks to maximise their exploitation effort by deploying fake payment page to collect payment card details if the targeted sites use PayPal or Skype to handle card payment. The current campaign has a mass exploitation effect as the hacked extensions are used in many online stores. Magecart has previously targeted widely-used third party software such as chat widget and web analytics to inject its skimmer and used look-alike domain names with SSL certificates for communicating with its C&C.

[1] Multiple 0days Used by Magecart

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883