911 Hack Removal

What Are MageCart Attacks On OpenCart And How To Prevent It

Updated on: March 29, 2020

What Are MageCart Attacks On OpenCart And How To Prevent It

Article Summary

Magecart, is a group of groups that is notoriously famous for their web skimming activities for half a decade now. These attackers often look for vulnerabilities on top e-commerce CMS(s) like Magento, OpenCart, Prestashop, Shopify, etc to inject malicious JavaScripts.

Magecart, is a group of groups that is notoriously famous for their web skimming activities for half a decade now. These attackers often look for vulnerabilities on top e-commerce CMS(s) like Magento, OpenCart, PrestaShop, Shopify, etc to inject malicious JavaScripts.

These JavaScripts are used to skim sensitive yet commercial & rewarding data like credit card details of customers on the websites. In the previous post of this Magecart series, we talked about how Magecart targets Magento. Here, we will talk about the Magecart attacks on OpenCart – the complete execution method.

Magecart Attacks on OpenCart

OpenCart as you probably know it, is amongst the top three CMS for e-commerce websites. It ranks third, only after Magento and Shopify on the popularity scale. Clearly, this popularity also lands it in the list of top targets of Magecart directors.

After the sensational report revealing the nitty gritty of Magecart, RiskIQ’s researcher has again published a new report detailing the operations of Magecart group 12 in Opencart stores. These groups target smaller stores to remain hidden and out of the headlines.

According to the report Magecart Group 12 has also been recognized to compromise famous french advertiser Adverline. Due to which every website visiting Adverline will unknowingly be loading malicious scripts on their websites. Apart from that Magecart group 12 has breached security and stolen data of thousands of smaller website that ran versions of Magento, OpenCart, and OSCommerce.

If we look at a more recent attack, Magecart has been using pre-filter JavaScript codes to inject skimmers in Opencart sites after knowing that a visitor is going on the checkout page.

How Magecart Attacks on OpenCart are executed?

Till now, there are three ways of intrusion been reported in the Magecart attacks on Opencart case. I have listed all of them below.

By Exploiting Vulnerabilities

The first way, the Magecart attacker execute their plan is by exploiting known vulnerabilities. These vulnerabilities are either available online for free or can be availed with a price.

By Hijacking Admin Panel

Another way Magecart attacks on Opencart store executed is by getting hold of the login credentials of the admin panel either by brute-force attacks or by phishing.

By Compromising Third-Party Vendors

The third method used is the compromisation of third-party Vendors like plugin & theme developers. Attackers also make their way inside the e-commerce stores through these external sources to plant web skimmers.

Magecart Attacks on OpenCart
An example of JavaScript code used to skim the web

Preventive Measures Magecart Attacks on OpenCart

No one can vouch for a complete hack-proof situation on the web, however, you sure can minimize the attacks and their severity by following safe security practices. I have listed some of them below:

Be Up to Date

Never overlook the CMS version you are running your business on. Not updating to the latest versions can only infuse more troubles for you and your website. Outdated versions tend to have known vulnerabilities that can be exploited by an attacker much easily.

Set Correct File & Folder Permissions

Further, hardening your website’s every entry point is another way how you can tackle this problem. Set stricter file permissions for your website. Here is an article you may look into to get a better idea of how to do that.

Use a Security Solution

A trusted and competent security solution can be a life savior. A firewall like Astra’s discourages any unauthentic penetrations on the website. It blocks attempts 100+ known cyber attacks. A few of which are SQLi, Rfi/lfi, XSS, CSRF, Owasp top 10, etc. Moreover, Astra’s automated malware scanner simplifies regular scanning of your website. With this scanner, you can scan your website on a click of a button.


Magecart attacks are not the only web skimming group in cyberspace. There are hundreds of hackers that take advantage of the anonymity that the web provides. Having said that, skimming of important credit card info is not going to be safe overnight as clearly, Magecart is not abandoning its operations anytime soon. But we could discourage its every attempt by being smarter than the attackers. And, implying better protection methods on our websites is what we can start with.

Astra Security Suite is working towards making the web safer than ever. Astra has helped hundreds of website reach a secured level, you too can secure your Opencart website from Astra. Get an Astra demo now.

Was this post helpful?

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany