Physical, Computer and Network Security News

MagentoCore infects 7,399 Magento stores, many more at security risk

The recent malware attacks expose the security risks ecommerce stores are putting themselves to by not following some practices recommended by experts


A security researcher has come up with startling facts - the MagentoCore that steals payment card data from shoppers has infected 7,339 Magento stores. Experts believe the actual number could be larger and that an even bigger number of stores could be on the brink of being infected.

The malware, basically a coding script, loads on the stores’ checkout pages, which is where shoppers begin to enter their payment card details. The script secretly records the payment card details and transmits the information to a server that is directly under the hacker’s control.

The hacker can misuse the payment card details to make fraudulent payments, all of which would be charged to the original, unsuspecting shopper.

“The industry term for such script is a ‘payment card scraper’ or simply ‘skimmer’. Hackers break through the source code of the ecommerce store and the rest is taken care of.” CEO Kaartik Iyer of Infigic, a  company that provides Magento development services and magento security services . “The code is so called because it skims the payment card details without the shopper realizing it, before it’s too late.”

When experts delved deeper, two facts stood out. Firstly, the malicious code is getting shorter and more sophisticated - the code that infected British Airways was all of 22 lines. Secondly, stores running unpatched Magento versions or relying on inadequately verified 3rd party code are the ones that have been worst affected.

“You’d think it can be solved by discontinuing all 3rd party code, but that’s not feasible.” Organizations can’t - or don’t - write all the code themselves. “So the best way out is to keep your own systems strong, and keep vigil constantly.” Iyer from Infigic explains.

He insists his company’s clients are well-guarded. “We’ve helped our client companies have security systems in place. From simple stuff like backups to advanced tools like firewalls, ecommerce stores will have to have all their bases covered” he adds.

News From

Infigic Technologies - Web & Mobile App DevelopmentInfigic Technologies
Category: eCommerce Solutions and DevelopersCompany about: Infigic is a global ecommerce website development & mobile app development company started by ex-IBM, ex-Sun Microsystems executives. At Infigic, we put users at the centre to craft crisp digital experiences.  Our pool of experienced  developers, business analysts and digital marketers ensures that we consistently deliver successful projects and campaigns that accomplish tangible commercial objectives.  At Infigic, we believe our responsibilities also extend beyond business. ...
This email address is being protected from spambots. You need JavaScript enabled to view it.

For more information:

Make an Inquiry about this report HERE!