Magento site hacked with credential stealing and crypto-miners malware
Magento compromised by the hackers and Malware are detected
There are almost 1000 Magento based websites in which targeted shops as well as infected Malware are included.
However, cyber-security and threat analysis intelligence firm is stated about the cyber criminal that has been targeting the e-commerce open source Magento platform with malware. However, as a result, hundreds and thousands of e-commerce website are running with the help of Magento compromised by the hackers to install the cryptocurrency miner or steal the credit card number.
Malwire visited the entire Magento website
There are two main version of Magento that is curates enterprises and open source version. With the success of open source production, the enterprises version exclusively maintains the service by Magento or provides access.
Meanwhile, with the help of brute forcing the Magento platform are compromised easily. Most commonly, the hackers are using the famous credential just to compromise the website panel. Hackers are already known as a compromised credential for the website. Nearly 1000 panel admin have compromised, according to the Flashpoint findings. A majority of panel compromised Magento are belonged to the healthcare sector or the educational firm, while identified with the maximum target in the Europe or US.
Hackers can create automated scripts to access Magento panel
Using the brute force method, the flashpoint researcher wrote about the attack success when the administration is failing, for installing or changing the credential platform. Easily, the hackers can create automated scripts for facilitating the panel access.
After the CMS admin panel controlling the attackers can add any script according to their choice. Also, it is noted that the hackers are targeting only the e-commerce CMS (Content Management System) controlling site, like the OpenCart and the PowerPoints.
