Key Points:

  • Hackers have implanted malicious code in eCommerce website builders to steal your credit card information.
  • The hackers have been primarily targeting eCommerce website builders like WooCommerce, WordPress, Shopify, and Magento.
  • This hack has been named the Magecart-style skimmer. 

If you use an eCommerce website builder like Shopify, WooCommerce, WordPress, or Magento, then beware! Your personal information and credit card details might be at risk of being stolen on these websites!

A new Magecart exploit has surfaced recently on these websites. It steals your details by exploiting vulnerabilities on the sites. Moreover, it can spread from one website to others.

So far, this exploit has mostly targeted eCommerce website builders. However, there are many other affected websites whose names are yet to surface.

It’s difficult to track this code since it’s very good at masking itself. If you look at the code of the affected web pages, you will not be able to spot it at first glance. This is because it hides as a Facebook Ad Library code or a Google Tag.
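One way a site owner can check checkout pages for this disguise, as an added example that is not from the original article or from Akamai: it flags any script that looks like a Google Tag or Facebook snippet but references a host other than the vendor's own. The vendor host allowlist, the marker strings (which assume the Facebook snippet is the `fbevents.js` pixel loader), the function names and the sample HTML are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the genuine loaders are served from; markers are strings in their snippets.
VENDORS = {
    "Google Tag": {"markers": ("googletagmanager", "gtm.js", "gtag("),
                   "hosts": {"www.googletagmanager.com"}},
    "Facebook": {"markers": ("fbevents", "fbq("), "hosts": {"connect.facebook.net"}},
}
URL_RE = re.compile(r"""(?:https?|wss?)://[^\s'"<>)\[\]]+""", re.I)

class ScriptCollector(HTMLParser):
    """Collects [src, inline_text] for every <script> element."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append([dict(attrs).get("src") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

def audit(html):
    """Return (vendor, host) pairs for vendor-looking scripts that use a non-vendor host."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        text = (src + " " + body).lower()
        hosts = {urlparse(u).hostname for u in [src, *URL_RE.findall(body)]} - {None}
        for vendor, rule in VENDORS.items():
            if any(marker in text for marker in rule["markers"]):
                findings += [(vendor, h) for h in sorted(hosts - rule["hosts"])]
    return findings

# Constructed sample page: two genuine-looking tags and one look-alike (hypothetical host).
SAMPLE = """<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script>!function(f,b,e,v){/* pixel loader */}(window,document,'script',
'https://connect.facebook.net/en_US/fbevents.js');fbq('init','0000');</script>
<script>/* Google Tag Manager */(function(d,s){var j=d.createElement(s);
j.src='https://tags.lookalike.example/gtm.js?id=GTM-EXAMPLE';d.head.appendChild(j);})(document,'script');</script>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A static scan like this only sees URLs written in the clear; a loader that builds its URL at run time will not show up, which is where the in-browser script monitoring recommended further down comes in.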

Like other Magecart code, this exploit gets onto web pages through preexisting vulnerabilities. On the platforms named above, it enters through vulnerabilities in themes and plugins for WordPress and WooCommerce. For Shopify and Magento, the vulnerability exists in the source code of the platform itself.

This exploit was first discovered by a cloud platform called Akamai. This is what they have to say:

“Before the campaign can start in earnest, the attackers will seek vulnerable websites to act as “hosts” for the malicious code that is used later on to create the web skimming attack.
Although it is unclear how these sites are being breached, based on our recent research from similar, previous campaigns, the attackers will usually look for vulnerabilities in the targeted websites’ digital commerce platform (such as Magento, WooCommerce, WordPress, Shopify, etc.) or in vulnerable third-party services used by the website.”

This is what they recommend you do to keep yourself as safe as possible:

“The complexity, deployment, agility, and distribution of current web application environments — and the various methods attackers can use to install web skimmers — require more dedicated security solutions, which can provide visibility into the behavior of scripts running within the browser and offer defense against client-side attacks.
An appropriate solution must move closer to where the actual attack on the clients occurs. It should be able to successfully identify the attempted reads from sensitive input fields and the exfiltration of data.
We recommend that these events are properly collected in order to facilitate fast and effective mitigation.”

Mashum Mollah

Mashum Mollah is the feature writer of SEM and an SEO Analyst at iDream Agency. Over the last 3 years, he has successfully developed and implemented online marketing, SEO, and conversion campaigns for 50+ businesses of all sizes. He is the co-founder of SMM.
