911 Hack Removal

Magecart Attacks On Magento Stores And How To Prevent Them

Updated on: March 2, 2022

Magecart Attacks On Magento Stores And How To Prevent Them

Article Summary

Magecart attacks have been around since 2014, and have been very frequent as of late – the hacker group has been targeting even small stores. To prevent them, one must follow the best security practices like regularly following updates, setting strict file permissions, using trusted plugins, and using a firewall.

Magecart attacks made headlines when the hacker group targeted the credit card information of giants like Claire’s, British Airways, Ticketmaster, Netwegg, etc. However, these attacks aren’t recent by any means. Magecart attacks on Magento and other e-commerce websites can be traced back to 2014 when the group of hackers first started monetizing with stolen credit card details. Since then, they have actively been skimming the web.

Experts believe that Magecart was involved in hacking the details of more than 110,000 different online shops till date. The biggest targets of Magecart attacks are e-commerce sites. Since Magento is the ruler of the e-commerce space with the largest market share, it faces a significant threat from Magecart.

Related article: How to Remove Magento & OpenCart Credit Card Malware?

Recently, our engineers have been tracking Magecart hacks once every 2-3 days in small stores too. Magecart has been targeting everyone, and so it is more important than ever to secure your website. In this article, we will talk about the Magecart attacks on Magento and other e-commerce websites and how to prevent them.

What are the Magecart Attacks on Magento About?

Magecart is the name given to a nexus of cyber criminals operating in groups, who engage in illegal web skimming activities and steal credit card info and other payment details of customers online.

As identified by RiskIQ in their detailed and meticulous report “Inside Magecart”, there are around 6 to 7 groups that comprise Magecart – which differ in the infrastructure, targets, and their process. All of these groups skim the web to fetch credit card details online, which are then sold on the black market.

What are Magecart Groups?

According to the “Inside Magecart” report, there are few consequences for these criminals behind the screen. On the contrary, these criminals make fortunes by selling this information. The prices for this information usually varies from $250 to $5,000, depending on the versatility of the skimmer.

Web skimming is only one part of the complete criminal process that goes inside Magecart. After they fish the valuable credit card data they go ahead to monetise it. Presumably, the parties who obtain this info use it to make illicit purchases and ship goods overseas.

The complete list of groups under Magecart

Magecart Groups 1 & 2

Cast a wide net for targeting, likely using automated tools to breach and skim sites.

Magecart Group 3

Targets a high volume of vulnerable websites at one go.

Magecart Group 4

Extremely advanced, this group blends in with its victims’ sites to hide in plain sight and employs methods to avoid detection.

Magecart Group 5

This group hunts for known vulnerabilities in third-party vendors and targets the vendor’s user base. This type was implicated in the breach of Ticketmaster.

Magecart Group 6

This group is highly selective in its targets. Goes only for top-tier companies, such as British Airways and Netwegg to maximise data collection due to high-volume traffic in these websites.

Get the ultimate Magento Security checklist with 300+ test parameters

How do the Magecart Groups Operate?

Here’s how most Magecart attacks on Magento work:

Step 1: Gain access

There are multiple steps that go behind in this giant web skimming process. The first of which is to gain access to a vulnerable store’s back-end.

Step 2: Modify the site’s source code

Then the attackers would go on to modify the site’s source code and inject malicious JavaScript codes which would keep an eye on the payment forms & checkout pages. These skimmers record every entry on the payment page, be it personally identifiable information, credit card info or bank details.

Further, researchers also observed that some groups targeted only the third-party vendors on these online stores such as plugin vulnerabilities to plant the JavaScripts. At Astra, we have seen scores of plugin exploits on Magento that lead to sensitive data leaks.

Here is an example of the JavaScript used to skim the web:

Magecart attacks on Magento
A depiction of web skimming JavaScript

Step 3: Selling the records obtained

Next, they would sell these records in the black market in return of a hefty amount. The sold data is used to make unauthenticated online transactions, transfer money, buy and ship goods to foreign countries.

How to Secure Your Magento Store from Magecart Attacks

Update Plugins & Themes

Magento regularly releases security patches for webmasters to install. These patches are usually fixed vulnerabilities of the previous versions. As a security company, we see a lot of cases of websites being hacked due to outdated versions with known vulnerabilities. Installing these patches is the easiest and best way you can prevent any attacks.

Use Plugins From Trusted Sources

Magecart hackers usually look for bugs in third-party sources. First, make sure you only install plugins from trusted sources. Further, keep up with the latest versions of plugins and themes. Being prompt with the updates can eliminate the risk of being hacked.

Set Strict File Permissions

Besides the above two, always set strict file permissions for your website. You can also take help from this article on our blog to set file permissions on Magento.

Use Two-Factor Authentication

Always use two-factor authentication for checkouts in your website. Two-factor authentication requires an additional verification to confirm the authenticity of the credit card owner. This discourages any payment request made from your card even if it’s stolen.

Use a Firewall

In addition to the above, use a firewall to secure your website. Investing in a firewall such as Astra‘s will not only protect your website but also keep on optimizing its security by learning from each stopped attack. Astra’s Security Suite lets you focus on your business while it takes care of your website security fully and thoroughly. This way, you never need to worry about getting hacked!

Magento credit card hack, Stealing credit card from Magento store

Want to secure your Magento store? We can help!

Astra has helped thousands of Magento stores prevent cyberattacks on real time.
Get Started
Starting from $25/month

Magecart Attacks on Magento: Conclusion

As a customer, being super vigilant while making any transaction online is a must to maintain your privacy. Further, as an e-commerce website on Magento, you should indulge in the best security practices. Stronger permissions settings, having two-factor authentication, being up to date with the current versions in all spheres of a website – all go a long way in making your website secure, trusted, and reputable.

Since Magecart attacks are so widespread, we’ve made a video about them you might find helpful:

Magecart attacks on Magento

Related Guide – Complete Step by Step Guide to Magento Security (Reduce the risk of getting hacked by 90%)

About Astra Security Suite

Astra is the essential web security suite that fights hackers, internet threats & bots for you. We provide proactive security for your websites running popular CMSs like WordPress, OpenCart, Magento etc.

It is one small security loophole v/s your entire website or web application

Get your web app audited with Astra’s Continuous Pentest Solution

Tags: ,

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany