It has been recommended to block Magento e-commerce software; otherwise the details of your card will end up in Moscow.
An ethical hacking expert based in Holland has said so, mentioning that this software to steal data of payment cards that communicates with a domain hosted in Moscow, magentocore[dot]net, is used to infect between 50 and 60 e-commerce sites every day.
“The list of victims includes multi-million dollar companies listed on the stock market, suggesting that the operators of this malware campaign get significant revenues”, mentions the specialist on his blog, pointing out that the malicious code is designed to work with Magento’s legitimate e-commerce software, although the real victims are eventually customers, who suffer from identity and payment cards data theft.
Magento, which Adobe Systems planned to acquire since last May, is one of the most widely used e-commerce platforms. So, it may not be a surprise that the software has become a favourite target of payment card thieves, who have taken advantage of the sometimes unsafe configurations of users or have used brute force attacks to gain access to the software.
According to ethical hacking specialists, the payment card industry continues to fight to prevent criminals from extracting the details of the cards and using them in fraudulent schemes. One way to use the stolen information is in the so-called card-no-present transactions. Australia, for example, has seen a 14% annual increase in this type of practice.
While the main goal of the cybercriminals is usually the theft of payment card data, costumer personal data would also be at stake. This has implications for compliance with the General Data Protection Regulation, the strict privacy regime in Europe, where allegations of non-compliance have increased to 400%.
In addition, websites are not rehabilitated quickly after an infection, the average recovery time is a few weeks, but it can be said that at least 1450 online stores have hosted this parasite over the past six months.