If your business has an online storefront, here's how you can avoid being compromised
Shopping cart malware, known as Magecart, is once again making headlines as it hits numerous ecommerce sites. Its name is in dishonor of two things: shopping carts and, more specifically, those that use the open-source ecommerce platform Magento. Magecart malware compromises shopping carts in such a way that credit card data collected by the cart is transmitted to cybercriminals, who in turn resell this information to other bad actors.
Magecart is aided by a few unfortunate trends:
1. Most ecommerce sites don’t properly vet their shopping cart code, so the hackers can substitute or inject malicious web pages into it.
Looking back at the last several years, there have been a variety of attacks with connections to Magecart:
Add to this list an attack targeting reCAPTCHA earlier this month, and it's clear that Magecart activities continue to pose a threat to a variety of organizations and industries. Researchers have found that the attackers are also constantly refining and evolving their tactics. They have branched out beyond Magento-based online storefronts and are developing other malicious scripts that use ad servers to infect banners, spending time analyzing their targets and logic flows. Still, they aren't perfect: Back in December 2020, researchers found one of the Magecart-like versions accidentally leaked data of 41 of its victims.
If your business has an online storefront, how can you avoid being compromised? First off, you should identify your third-party ecommerce code, including your online advertising vendors. You could even require them to audit the code that they supply for your storefront to ensure it is malware-free.
Second, make the effort to host as many of your third-party scripts as possible on your own infrastructure. This could be a challenge, given that the average ecommerce site uses code from dozens of different sources. British Airways found out that their Magecart attack was based on a baggage claim server that was hosted externally, for example.
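As a starting point for both steps above, the following added example (not from the original article) inventories the scripts a storefront page loads and marks which ones come from another host. It goes one step beyond the text by also reporting whether each script tag carries a Subresource Integrity `integrity` attribute; the page URL, the vendor hosts and the HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample checkout page; all hosts are placeholders.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<script src="/static/cart.js"></script>
<script src="https://cdn.vendor-a.example/widget.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//ads.vendor-b.example/banner.js"></script>
<script>var inlineConfig = {};</script>
"""


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag that loads a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append(attr)


def inventory_scripts(page_url, html):
    """Return one record per loaded script: URL, host, origin class, SRI."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    records = []
    for attr in collector.scripts:
        url = urljoin(page_url, attr["src"])  # resolves relative and // URLs
        host = urlparse(url).hostname
        records.append({
            "url": url,
            "host": host,
            "third_party": host != page_host,
            "has_integrity": bool(attr.get("integrity")),
        })
    return records


if __name__ == "__main__":
    for rec in inventory_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        origin = "THIRD-PARTY" if rec["third_party"] else "first-party"
        sri = "integrity set" if rec["has_integrity"] else "no integrity"
        print(f"{origin:12} {sri:14} {rec['url']}")
```

Run it against the saved HTML of your cart and checkout pages; every third-party entry is a candidate for vendor review or for moving onto your own infrastructure.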
Next, use these tips to check if a site has been compromised, along with other tips to vet the legitimacy of websites. You can also head over to our free Avast Hack Check tool to see if any of your website login credentials have been leaked. If so, change your password on that site immediately.
Finally, make sure you apply software updates as soon as possible. Magento users who were compromised by early attackers delayed these updates, which allowed the attackers to find and take advantage of the outdated versions. Take this as a lesson to prioritize updates — we’ve put together a few key reasons to update your software.