Has your Magento Site Been Hacked?
Researchers at Flashpoint have discovered that at least 1,000 sites running Magento have been compromised by brute force attacks to scrape credit card numbers and install malware that mines cryptocurrency. The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials. These attacks occur when admins fail to change the credentials upon installation of the platform. Attackers can then build simple, automated scripts loaded with known credentials to facilitate access of the panels.
Once the hacker has access, they are able to install any script that they choose. With this attack they are inserting malicious code in the Magento core file, allowing them access to pages where payment data is processed. POST requests to the server containing sensitive data are then intercepted and redirected to the attacker. Furthermore, the compromised sites will then return a fake adobe flash file which will install malicious malware on the victim’s computer.
If you think your site has been hacked or would like assistance with your site, please contact us! We are happy to help you secure your site. You can read more detail about these attacks in this Flashpoint Blog.