In the biggest attack yet against Magento websites, hackers broke into nearly 2,000 online stores this weekend to steal credit cards.
Adobe Magento is a popular e-commerce platform that allows owners to quickly set up an online store to sell their products and accept credit cards.
Over the weekend, credit card fraud prevention company Sanguine Security (Sansec) identified 1,904 Magento stores that had been breached in the last four days.
The attack began on Friday, when ten stores were infected with a credit card theft script that had not been seen in other attacks.
The attack grew to 1,058 sites on Saturday, another 603 on Sunday and an additional 233 by Monday morning.
According to Willem de Groot, the founder of Sanguine Security, this is the biggest attack on the Magento platform that the company has seen since it started monitoring e-commerce stores in 2015.
"This attack is by far the largest that Sansec has identified since it began monitoring the platform in 2015. The previous record was 962 breached stores in one day in July last year," de Groot said in a report released today.
Of the breached stores, the majority were running Magento version 1, which has not received security updates since June 2020, when it reached the end of its support.
Once a store was breached, de Groot said, the attackers installed a PHP web shell called mysql.php, which gave them full access to the breached account.
When payment information is submitted, it is collected by the script and sent to the address https://imags.pw/502.jsp, which is under the control of the hacker.
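A store owner can check a web root for the two indicators reported above, the mysql.php web shell name and the imags.pw host. The scanner below is an added example, not code from Sansec or the original article; the file-extension list, the reason labels and the sample files are assumptions constructed for illustration.

```python
import os
import sys
import tempfile

# Indicators taken from the article; everything else here is illustrative.
WEBSHELL_NAME = "mysql.php"   # web shell file name reported by Sansec
EXFIL_HOST = b"imags.pw"      # host of the address receiving payment data
# Assumption: injected skimmer code would sit in text assets of these types.
TEXT_EXTENSIONS = (".php", ".phtml", ".js", ".html", ".htm")


def scan_docroot(docroot):
    """Return sorted (relative_path, reason) findings under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            # Exact, case-sensitive name match; hits still need manual review.
            if name == WEBSHELL_NAME:
                findings.append((rel, "webshell-filename"))
            if not name.lower().endswith(TEXT_EXTENSIONS):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if EXFIL_HOST in data.lower():
                findings.append((rel, "exfil-host-reference"))
    return sorted(findings)


def demo():
    """Scan a constructed docroot (fake files, built only for this example)."""
    samples = {
        "index.php": "<?php echo 'store';",
        "mysql.php": "<?php /* constructed placeholder, not the real shell */",
        os.path.join("lib", "Mysql.php"): "<?php class Adapter {}",
        os.path.join("js", "checkout.js"): "var u = 'https://imags.pw/502.jsp';",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(body)
        return scan_docroot(root)


if __name__ == "__main__":
    for rel, reason in (scan_docroot(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{reason}\t{rel}")
```

Run it with the store's web root as the only argument; with no argument it scans the constructed sample tree.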
It is not yet known how the stores were breached, but Sansec believes that sites that use Magento 1 may be breached using a 0day security vulnerability sold on hacking forums.
On August 15, a hacker named z3r0day started selling 0day security vulnerabilities for Magento 1, for both of its patches, for $5,000. This sale was made to a total of ten people.
Sansec recently partnered with Adobe to help resolve the issue.