eCommerce, Information Security and Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 11, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)

Malware

Malware eCommerce Hacking Ransomware

Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

Security Affairs

FEBRUARY 11, 2025

Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. This isn’t the first time that Sucuri documented the use of GTM to deploy e-skimmer on e-store, in 2024, the experts detailed how Magecart veteran ATMZOW was using Google Tag Manager to deliver malware.

eCommerce

eCommerce Malware Marketing Hacking

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Baka is a sophisticated e-skimmer developed by a skilled malware developer that implements a unique obfuscation method and loader. The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” ” reads the alert published by VISA.

eCommerce

eCommerce Malware Encryption Advertising

NginRAT – A stealth malware targets e-store hiding on Nginx servers

Security Affairs

DECEMBER 2, 2021

Threat actors are targeting e-stores with remote access malware, dubbed NginRAT, that hides on Nginx servers bypassing security solutions. Researchers from security firm Sansec recently discovered a new Linux remote access trojan (RAT), tracked as CronRAT , that hides in the Linux task scheduling system (cron) on February 31st.

Malware

Malware eCommerce Hacking Information Security

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Security Affairs

APRIL 10, 2025

“These technologies are primarily used by small- to medium-sized businesses for their ease in enabling website development with integrations for eCommerce, website content management, and business service offerings.” .” reads the report published by SentinelOne.

eCommerce

eCommerce Technology DNS Business Services

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Security Affairs

MAY 5, 2025

“Hundreds of stores, including a $40 billion multinational, are running backdoored versions of popular ecommerce software. We found that the backdoor is actively used since at least April 20th. Sansec identified these backdoors in the following packages which were published between 2019 and 2022.”

eCommerce

eCommerce Hacking Authentication Software

A new e-skimmer found on WordPress site using the WooCommerce plugin

Security Affairs

APRIL 12, 2020

Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The e-skimmer doesn’t just intercept payment information provided by the users into the fields on a check-out page. reads the analysis published by Sucuri. “For It’s not so easy to see.

eCommerce

eCommerce Malware Advertising Software

Attackers deploy Linux backdoor on e-stores compromised with software skimmer

Security Affairs

NOVEMBER 18, 2021

Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation into the compromised of an e-commerce server with a software skimmer. The attackers initially conducted a reconnaissance phase by probing the e-store with automated eCommerce attack probes. and inject it in the e-store.

Software

Software eCommerce Malware Engineering

Threat actors compromised +500 Magento-based e-stores with e-skimmers

Security Affairs

FEBRUARY 10, 2022

Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. com domain. com domain.

eCommerce

eCommerce Malware Hacking Cybersecurity

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Security Affairs

DECEMBER 5, 2022

Resecurity has identified a new underground marketplace in the Dark Web oriented towards mobile malware developers and operators. This trend comes from the “Man in The Browser” (MiTB) attacks and WEB-injects designed for traditional PC-based malware such as Zeus, Gozi and SpyEye.

Mobile

Mobile Malware Banking Retail

Critical Magento zero-day flaw CVE-2022-24086 actively exploited

Security Affairs

FEBRUARY 14, 2022

Last week, researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. More than 350 ecommerce stores infected with malware in a single day. com domain. URGENT: install the latest Magento 2 patch today.

eCommerce

eCommerce Malware Authentication Hacking

Crooks injects e-skimmers in random WordPress plugins of e-stores

Security Affairs

DECEMBER 9, 2021

. “The attackers know that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. ” concludes the report.

eCommerce

eCommerce Firewall Malware Hacking

WordPress Plugin abused to install e-skimmers in e-commerce sites

Security Affairs

MAY 28, 2024

The malware has two main components. When the malware detects these parameters, it sends all the collected billing and credit card information to a third-party URL “hxxps://2of[.]cc/wp-content/” “In essence, ecommerce sites are prime targets for hackers due to the valuable data they handle.”

eCommerce

eCommerce Firewall Malware Passwords

Magecart attacks are still around but are more difficult to detect

Security Affairs

JUNE 22, 2022

We're right on the heels of Magecart cybercriminals New malware domain found: scanalytic[.org link] #Magecart #ecommerce pic.twitter.com/p3C4EOXh3C — Sansec (@sansecio) June 9, 2022. link] #Magecart #ecommerce pic.twitter.com/p3C4EOXh3C — Sansec (@sansecio) June 9, 2022. org” and “js.staticounter[.]net,”

eCommerce

eCommerce InfoSec Malware Hacking

Evilnum Group targets European and British fintech companies

Security Affairs

JULY 10, 2020

Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider. ” concludes ESET.

eCommerce

eCommerce Advertising Malware Spyware

Experts spotted five malicious Google Chrome extensions used by 1.4M users

Security Affairs

AUGUST 31, 2022

The extensions a designed to track the user’s browsing activity, they are also able can insert code into eCommerce websites being visited. They do this so that they can insert code into eCommerce websites being visited. . js that sends every URL visited by the victims to the C2 and injects code into the eCommerce sites.

eCommerce

eCommerce Retail Authentication Hacking

Security Affairs newsletter Round 229 – News of the week

Security Affairs

SEPTEMBER 1, 2019

Internal Revenue Service warns taxpayers of a malware campaign. Nemty Ransomware, a new malware appears in the threat landscape. UK National Cyber Security Centre urge to drop Python 2. Kaspersky found malware in popular CamScanner app. Magecart hackers compromise another 80 eCommerce sites.

eCommerce

eCommerce Data breaches Malware Advertising

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

They infect computers and other devices with malware to record payment information when their owners buy from ecommerce sites. ““CVV” information is sold with the three-digit number on the back of the card, which tend to be used in schemes in which criminals order things online.

eCommerce

eCommerce Marketing Advertising Accountability

US-based children’s clothing maker Hanna Andersson discloses a data breach

Security Affairs

JANUARY 21, 2020

The company immediately launched an investigation that revealed that a third-party ecommerce platform, Salesforce Commerce Cloud, was infected with an e-skimmer. The malware was completely removed on November 11, 2019. Forensics experts hired by the company discovered that the malicious code was likely planted on September 16, 2019.

Data breaches

Data breaches Retail Identity Theft eCommerce

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors

Security Affairs

SEPTEMBER 2, 2022

JavaScript #skimmer overlayed onto payment page of an infected #Magento ecommerce store to steal payment card data from visitors exfils to united81[.]com com #magecart #infosec #cybersecurity #malware [link] pic.twitter.com/x8VrkKzXPc — Luke Leal (@rootprivilege) August 26, 2022.

eCommerce

eCommerce Digital transformation InfoSec Media

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Security Affairs

NOVEMBER 15, 2019

Unlike other skimmers, Pipka has the ability to remove itself from the compromised HTML code after execution, in an effort to avoid detection, Visa notes in a security alert ( PDF ). VISA PFD believes that Pipka will continue to evolve and that its use will increase in the cybercrime ecosystem to target eCommerce merchant websites.

eCommerce

eCommerce Accountability Advertising Cybercrime

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services. “Pitney Bowes was affected by a malware attack that encrypted information on some systems and disrupted customer access to some of our services. ” .

Ransomware

Ransomware eCommerce Advertising Financial Services

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Ransomware , the headliner of the previous half-year, walked off stage: only 1 percent of emails analyzed by Group-IB’s Computer Emergency Response Team (CERT-GIB) contained this kind of malware. Pandemic chronicle.

Phishing

Phishing Ransomware Spyware Banking

Authorities arrest 3 Indonesian hackers behind many Magecart attacks

Security Affairs

JANUARY 26, 2020

.” According to the experts from Sanguine Security, this group is responsible only for 1% of overall attacks carried out by groups under the Magecart umbrella, this means that many other hackers are ready to attack e-commerce sites worldwide. ” concluded the experts.

Computers and Electronics

Computers and Electronics eCommerce Advertising Cybercrime

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

OCTOBER 20, 2020

They are a big headache for eCommerce businesses today, with cybercriminals using them to steal money, brute-force user credentials or carry out DDoS attacks. Trojans have also been spotted in the attacks on the marketplace: Group-IB Secure Portal has identified at least 1,200 user devices infected with Trojans.

Cryptocurrency

Cryptocurrency Social Engineering eCommerce Engineering

Magento and Adobe Commerce websites under attack

Security Affairs

NOVEMBER 17, 2022

” reads the report published by the experts “The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks.” Merchants and developers should be on the lookout for TrojanOrders: orders that exploit a critical vulnerability in Magento stores.”

eCommerce

eCommerce Hacking Authentication Technology

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce , shipping, mailing, data and financial services. The company now published an update on the attack, it confirmed that the root cause of the disruptions of its services was “the Ryuk virus malware attack.”.

Ransomware

Ransomware eCommerce Financial Services Advertising

Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million

Security Affairs

NOVEMBER 26, 2020

All of the 90,000 pieces analysed by Group-IB included full card data – cards compromised via phishing websites, from end devices infected with banking Trojans, as well as by the means of hijacked eCommerce websites and the use of JS-sniffers.

Cybercrime

Cybercrime eCommerce Banking Marketing

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

The stolen data was several years old, but it is still valuable on the dark web because people often reuse passwords for multiple sites and accounts, from online banking to eCommerce accounts. Instead, it’s believed that hackers used malware to collect the information by combining data from other recent breaches.

Data breaches

Data breaches Media Passwords Accountability

Microsoft warns of new highly evasive web skimming campaigns

Security Affairs

MAY 24, 2022

Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection.

Hacking

Hacking eCommerce Cybersecurity Information Security

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. Welcome to the Hacker Mind, an original podcast from ForAllSecure. Vamosi: This is bad. They're doing an enormous amount of business.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. Welcome to the Hacker Mind, an original podcast from ForAllSecure. Vamosi: This is bad. They're doing an enormous amount of business.

Healthcare

Healthcare Hacking InfoSec Software

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 11, 2025

CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog Polish authorities arrested 4 people behind DDoS-for-hire platforms Play ransomware affiliate leveraged zero-day to deploy malware Canary Exploit tool allows to find servers affected by Apache Parquet flaw Unsophisticated cyber actors are targeting the U.S.

Spyware

Spyware Ransomware Malware DDOS

Cyber Security Informer

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

Trending Sources

Visa warns of new sophisticated credit card skimmer dubbed Baka

NginRAT – A stealth malware targets e-store hiding on Nginx servers

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

A new e-skimmer found on WordPress site using the WooCommerce plugin

Attackers deploy Linux backdoor on e-stores compromised with software skimmer

Threat actors compromised +500 Magento-based e-stores with e-skimmers

Exclusive: The largest mobile malware marketplace identified by Resecurity in the Dark Web

Critical Magento zero-day flaw CVE-2022-24086 actively exploited

Crooks injects e-skimmers in random WordPress plugins of e-stores

WordPress Plugin abused to install e-skimmers in e-commerce sites

Magecart attacks are still around but are more difficult to detect

Evilnum Group targets European and British fintech companies

Experts spotted five malicious Google Chrome extensions used by 1.4M users

Security Affairs newsletter Round 229 – News of the week

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

US-based children’s clothing maker Hanna Andersson discloses a data breach

Researchers analyzed a new JavaScript skimmer used by Magecart threat actors

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Authorities arrest 3 Indonesian hackers behind many Magecart attacks

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Magento and Adobe Commerce websites under attack

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Carding Action 2020: Group-IB supports Europol-backed operation saving €40 million

Cybercriminals are Oversharing with Social Media Data Breaches

Microsoft warns of new highly evasive web skimming campaigns

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected