Hackers have hit Extendware, a creator of extensions for CMS Magento-based sites. Attackers introduced a skimmer to the organization’s website and could also infect its products.
Criminals have been present on Extendware infrastructure since October 4.The malicious script is a standard keylogger. It copies the payment data of users and sends them to a third-party web site. Analysts believe that the destination is another hacked site.
Experts found the skimmer on the Extendware website, but warned that there might be an attack on the supply chain.
“In theory, they could have injected a backdoor or skimmer in all of the Extendware products, thereby gaining control of all stores that would install their software. This is also known as a “supply chain attack”, — report Sanguine Security company specialists.
The ability to write data to the Extendware server allows criminals to compromise the distributions stored there by injecting malicious code into them too. This means that all trading floors using the extensions of this supplier are in danger.
Read also: With the use of new malware Turla intercepts TLS traffic
Experts reported the incident to Extendware developers and asked if it had any impact on the integrity of the software hosted on the server. At the time of writing, the company did not publish a statement in this regard – the last entry in the news feed is dated September 12, on Facebook and Twitter – October 1.
“Because e-commerce vendors are such an attractive target to payment skimmers, this Extendware case suggests that attackers may have used a novel method to gain access”, — report Sanguine Security researchers.
Extendware hacking became known shortly after security experts presented a detailed study of cyber attacks on Magento sites. Among other things, experts noted the growing interest of criminals in supply chains, which allow them significantly increase coverage.
At the end of 2018, analysts of several information security companies placed such attacks on the list of major threats in the nearest future. This forecast was quickly confirmed – in recent years, criminals have compromised the repository of extensions and PHP applications, the official update service of ASUS, as well as several companies from the gaming industry.