Magento-Based Cyberattack Hits 500 To 1,000 E-Commerce Sites: Report

The potential victims of the cyberattack include a $40 billion multinational retailer.

A backdoor attack involves accessing encrypted data by bypassing the standard security mechanisms. (Photo Source: Freepik)

Dutch cybersecurity firm Sansec has claimed that between 500 and 1,000 e-commerce sites, including a $40 billion multinational firm, have been hit by malware that can steal the payment details and other confidential information of customers, according to reports.

These Magento-based e-commerce sites have been hit by a coordinated supply chain attack where 21 applications were injected with the same backdoor, according to a TechRadar report.

A backdoor attack involves accessing encrypted data by bypassing the standard security mechanisms.

Researchers at e-commerce security firm Sansec noted that the malware was injected six years ago but became active in late April. “It is rare that a backdoor remains undetected for 6 years, but it is even stranger that actual abuse has only started now,” the report highlighted.

“Hundreds of stores, including a $40 billion multinational, are running backdoored versions of popular e-commerce software. We found that the backdoor has been actively used since at least April 20th,” Sansec wrote in the report on its website.

The cybersecurity firm identified these backdoors in 21 Magento extensions that were published between 2019 and 2022. The three prominent vendors that distributed these extensions are Tigren, Meetanshi and Magesolution (MGS).

Tigren, Meetanshi and MGS are renowned Magento-based e-commerce solutions providers. Uses of their extensions include handling carts, calculating shipping charges and creating wishlists. These solutions are used by thousands of e-commerce websites worldwide.

Sansec said that the servers of all three vendors “have been breached and that attackers were able to inject backdoors on their download servers.”

“This hack is called a supply chain attack, which is one of the worst types. By hacking these vendors, the attacker gained access to all of their customers' stores. And by proxy, to all of the customers that visit these stores,” Sansec added.

Sansec also found a backdoored version of Weltpixel’s GoogleTagManager extension, but it has not been able to verify whether Weltpixel itself was compromised.

While MGS has not yet responded to the report, Sansec said the backdoored packages were still available for download on its website as of April 30. Tigren has denied being compromised, and the backdoored packages were available on its website as of April 30.

Meetanshi confirmed that its server got hacked but denied any tampering with its software.
