Thousands of e-commerce sites running software past end-of-life were hit by an automated attack that began on Friday, peaking on Saturday. According to researchers at Sansec, more than 2,000 websites running Magento Version 1 software were subject to a classic Magecart attack that injected malicious code to steal payment details during transactions.
|
According to the attack analysis, most of the victims previously had not been successfully attacked. This suggested to the analysts that a novel infection mechanism was used, one possibly related to a zero-day attack recently offered for sale on Dark Web markets.
Sansec's report says that its scans indicate more than 95,000 e-commerce stores are still running Magento Version 1, a version that reached end-of-life in June.
For more, read here.