
Malware Executed in E-Commerce Sites to Steal User Data

The malware can steal payment card information and other sensitive data.


Hundreds of e-commerce sites have been impacted by malware that executes malicious code inside the browsers of visitors.

According to research by Sansec, featured by Ars Technica, the malware can steal payment card information and other sensitive data. At least one of the affected sites is owned by a large multinational company.

The researchers claimed that the malware exists as a backdoor in "popular ecommerce software" and has been actively used since at least April 20th. However, the software may have been installed, and therefore the backdoor present, since 2019.

The infections are the result of a supply-chain attack that compromised at least three software providers: Meetanshi, Tigren and Magesolution. Sansec said the servers of the companies have been breached, and attackers were able to inject backdoors on their download servers. All three have been contacted.

At least 500 e-commerce sites that rely on the backdoored software were infected, and it’s possible that the true number is double that.



Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

