Cybercriminals Hacked An E-Commerce Platform To Steal Sensitive Information

Cybercriminals Hacked The Magneto Ecommerce Platform To Steal Sensitive Information

Using a piece of malware, Cybercriminals hacked the Magneto e-commerce platform to steal sensitive, important and confidential information and also for the purpose to compromise online shops. The patch was designed only to address the flaw.

There was a critical remote code execution vulnerability that dubbed the “shoplift bug.”. To patch that vulnerability, the developers of Magneto released the SUPEE-5344 in February 2015. A chain of weaknesses is included in the security hole like (remote file inclusion flaws, SQL injection and authentication bypass).

But, even after the patch was released, Byte(Dutch hosting firm) reported about vulnerability existence in Magento installations. The vulnerability is still in more than tens of thousands of Magneto installations. Because of the series of attacks spotted, Sucuri researchers indicate that there are still so many unpatched shops left.

A fake SUPEE-5344 patch has been designed by the security firm in order to give attackers full control over a vulnerable Magneto website. Sucuri said that this malware is very much sophisticated as compared to the other threats that target Magento installations. Once the code is injected into the target, then after attackers can easily steal either user credentials or steal payment data. After the action, stolen information is encrypted by the criminals, and sent it to the pre-defined email addresses as a JPEG format.

The targeted details contain the information like:

Server names

Credit card data

IP addresses

Passwords

Usernames

All these credentials are stored in Magento-powered site databases. It can be used by cybercriminals to target other online accounts. Sucuri said that "It is possible because same password has been set by many individuals, that makes easy to access other accounts,"

Cybercriminals can also delete the file storing the stolen data after it’s no longer needed, execute arbitrary code on the server and change the permissions of Magento files.

Senior malware researcher at Sucuri said that 

“As we can see, the Magento malware ecosystem is maturing and attracting more hackers, and they’re bringing their arsenal of tried and true tricks and methods from WordPress and Joomla! malware with them,” explained Denis Sinegubko,“The growing market share of Magento ecommerce sites (#1 CMS in ecommerce and #4 CMS overall) and potential access to money flows, make attacks even with low success rates worthwhile.”

The previous month, a security update has been released by the Magento developers whose aim is to resolve more than 20 vulnerabilities.