AT2k Design BBS Message Area
From: VRSS
To: All
Subject: Hundreds of E-Commerce Sites Hacked In Supply-Chain Attack
Date/Time: May 5, 2025 4:00 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: Hundreds of E-Commerce Sites Hacked In Supply-Chain Attack

Link: https://it.slashdot.org/story/25/05/05/203420...

An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce
sites, at least one owned by a large multinational company, were backdoored
by malware that executes malicious code inside the browsers of visitors,
where it can steal payment card information and other sensitive data,
security researchers said Monday. The infections are the result of a supply-
chain attack that compromised at least three software providers with malware
that remained dormant for six years and became active only in the last few
weeks. At least 500 e-commerce sites that rely on the backdoored software
were infected, and it's possible that the true number is double that,
researchers from security firm Sansec said. Among the compromised customers
was a $40 billion multinational company, which Sansec didn't name. In an
email Monday, a Sansec representative said that "global remediation [on the
infected customers] remains limited." "Since the backdoor allows uploading
and executing arbitrary PHP code, the attackers have full remote code
execution (RCE) and can do essentially anything they want," the
representative wrote. "In nearly all Adobe Commerce/Magento breaches we
observe, the backdoor is then used to inject skimming software that runs in
the user's browser and steals payment information (Magecart)." The three
software suppliers identified by Sansec were Tigren, Magesolution (MGS), and
Meetanshi. All three supply software that's based on Magento, an open source
e-commerce platform used by thousands of online stores. A software version
sold by a fourth provider named Weltpixel has been infected with similar code
on some of its customers' stores, but Sansec so far has been unable to
confirm whether it was the stores or Weltpixel that were hacked. Adobe has
owned Magento since 2018.
