Attacked by Magecart? Here’s What You Should Do

Published on: June 27, 2020

With the growing use of e-commerce, the threat to its security is a huge concern. For Magento e-commerce, one major risk comes from the Magecart attacks. Magecart is a nexus of card skimmers that have been actively targeting Magento websites for quite some time now. Websites hacked by the Magecart group often have malicious JS inserted in their checkout pages that skim credit card details of customers. One telling sign of being hacked by the Magecart card skimmers is multiple customers complaining of card abuse. If you have become the victim of a Magecart attack, here’s what you should do.

Symptoms that Magento got hacked with Magecart

Identifying a compromise of your Magento store can be difficult at first, but there are some tell-tale signs that hint your store has been attacked by Magecart:

  • Customers complaining of card abuse: The first sign will be increased consumer complaints regarding payment issues. The complaints would relate to orders for which payments have been made, but which the customers did not place themselves. These are classic cases of card abuse. An increase in complaints like these on the merchant's side is a huge red flag and an indicator of a Magecart attack.
  • A dramatic change in consumer behavior: The next sign to watch for is a shift in the kind of orders. If, say, an 18-year-old boy on your portal suddenly orders diapers for toddlers, you need to be vigilant. Often, such changes in consumer purchase behavior are an early sign that something might be wrong.
  • Mismatch in card address & billing address: In the checkout form, a change in the shipping address, so that the addresses are very distant from each other, is another symptom that Magento got hacked with Magecart. Such signs tell you that the person purchasing the product has changed, which is something you need to be wary about. In these circumstances, it is often better to call the account owner to get confirmation.
  • Price manipulation on orders: Manipulation of the purchase price to zero, or changes in the product purchase payments, are other signs you must be aware of. If a product on your e-commerce platform is shipped but no payment is received, you are at risk.

Magento Hacked? What you should know as a user?

As a user, it is hard to know if the portal you’re buying from is hacked. Yet, paying close attention to your bills and the payments from your cards after you purchased from a store can reveal if that store was hacked or not. Once you are sure that your data has been hacked, the first thing you should do is to contact the nearby branch of your bank and cancel the credit card so that no further nefarious transactions are made.

Then, it becomes important to notify the portal (or Magento website) about the issue. Raising a complaint is necessary, even though you have blocked your card. By raising a complaint, you bring the hack to the notice of the people concerned and save others from losing their data. Besides, you can also seek compensation for the loss caused to you by such a mishap.

If you’re the store owner, this is how you can remove the Magecart hack

After your Magento store has been hacked, it becomes important to know the recovery plan.

1. The first step is to scan your website with a malware scanner.

This way, any malicious JS on your website gets flagged all at once, and you can easily review and remove it. However, if you can't tell the difference between good code and malicious code, hire someone who can review your site and remove the malware for you. The leading security solution – Astra Security provides excellent Malware removal service. Their turnaround time is industry best with only 4-6 hours.

Malware flagged by the Astra Malware Scanner
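
A quick manual check to run alongside a scanner, added here as an example and not taken from the original article or from Astra's tooling: list the off-site hosts a saved copy of your checkout page loads scripts from, and flag any host that is not on your allowlist. The file names, the allowlist and the sample page (with its `.example` hosts) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): list the off-site hosts that a saved
# copy of a page loads <script> from, and flag any host missing from an allowlist.

# script_hosts FILE... -> unique lower-cased hosts of every off-site <script src=...>
script_hosts() {
  re="<script[^>]*[[:space:]]src=[\"']?(https?:)?//[^/\"' >]+"
  grep -ohiE "$re" "$@" | sed -E 's#.*//##' | tr 'A-Z' 'a-z' | sort -u
}

# unexpected_hosts ALLOWLIST FILE... -> hosts not listed (one per line) in ALLOWLIST
unexpected_hosts() {
  _allow=$1; shift
  script_hosts "$@" | grep -vxFf "$_allow" || true
}

# Constructed sample: a checkout page with one first-party script, one expected
# payment SDK and one script from a host nobody on the team recognises.
make_page() {
  _d=$(mktemp -d)
  cat > "$_d/checkout.html" <<'EOF'
<html><head>
<script src="/static/js/checkout.js"></script>
<script type="text/javascript" src="https://js.payments.example/sdk.js"></script>
<script async SRC='//Cdn-Analytics.example.net/ga.js'></script>
</head><body>checkout</body></html>
EOF
  printf 'js.payments.example\n' > "$_d/allow.txt"
  echo "$_d"
}

page=$(make_page)
unexpected_hosts "$page/allow.txt" "$page/checkout.html"   # prints the unlisted host
rm -rf "$page"
```

A skimmer that is pasted inline or appended to an existing first-party file never shows up as a new host, so this check complements the file comparison against a clean copy and does not replace it.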

2. Keeping a back-up of your website is the second step to get back online soon!

Even if you have prior technical knowledge, we recommend you take a back-up of your website before you start making changes to it, in case anything goes south. Often, finding malicious JS is a difficult task. Thus, the backed-up website helps in restoring your store real quick even if you made a mistake. If you’re new to this, follow this detailed Magento hack removal guide.

Alternatively, if you were already in the habit of taking back-ups, rolling back to a good backup can instantly reverse the hack. The only challenge with this is that a Magecart hack hides itself for weeks, which makes it difficult to put an exact timeline to the hack. So you might not know which backup is good and which is malicious.

3. Ensuring a safe payment gateway is the third step to cyber-security

Payments to your website are often made with plastic money. Secure the payment gateway so that no phishing or pharming activities can take place. Securing the payment gateway through data encryption and private keys is an essential step. Moving to the crypto-currency mode of payment is also a trend, as it is more secure.

4. Further steps needed to increase the security of your online store

  • Protect the website using malware cleaners. A firewall on the website protects the site from malicious attacks.
  • Change the credentials and URL for the admin section on a regular basis.
  • Secure important files through encryption and permissions.

Summarized checklist: Magento got hacked with Magecart

Source: Magent
  • Identifying the threat on your website and the details of the card being compromised.
  • Creating a back-up for the important data on the website.
  • The integrity of the files should be intact. Use SSH commands to check file integrity and the diff command to spot any differences.
  • Review the user accounts by logging in to your Admin Panel. Scrutinize the ID numbers and any funny-looking usernames, and delete them from your end.
  • Using the Safe Browsing Site, check for the safety report of your website. This is only applicable if your website is banned by Google due to security reasons.
  • Fixing the website by logging in over SSH and looking for recent changes in the website content. Search for malicious domains, review the files pointed out by diff, and restore the system.
  • Compare the suspicious files with the clean back-up of the website. Remove such files, and remove the malicious code from the files that remain.
  • After the changes are made, make sure to test the site, before going live!
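
The file-integrity and recent-changes items above, worked through as an added example (not part of the original article): hash every file in the live web root and in a clean copy, then report what was added, modified or removed. It assumes `sha256sum`, `find`, `awk` and `mktemp` are available over SSH; the function names and sample trees are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes the clean copy is a backup
# you trust; replace the constructed sample trees with your real paths.

# manifest DIR -> "sha256  ./relative/path" for every regular file under DIR
manifest() {
  ( cd "$1" && find . -type f -exec sha256sum {} + )
}

# integrity_report CLEAN LIVE -> one sorted line per difference:
#   ADDED (only in live), MODIFIED (hash differs), REMOVED (only in clean)
integrity_report() {
  _clean=$(mktemp) _live=$(mktemp)
  manifest "$1" > "$_clean"
  manifest "$2" > "$_live"
  awk '
    { hash = $1; path = substr($0, 67) }        # 64 hex chars + 2 spaces, then path
    FILENAME == ARGV[1] { clean[path] = hash; next }
    { seen[path] = 1
      if (!(path in clean))          print "ADDED " path
      else if (clean[path] != hash)  print "MODIFIED " path }
    END { for (p in clean) if (!(p in seen)) print "REMOVED " p }
  ' "$_clean" "$_live" | sort
  rm -f "$_clean" "$_live"
}

# recent_code LIVE DAYS -> script/template files modified in the last DAYS days.
# mtime can be reset by whoever wrote the file, so treat this as a hint, not proof.
recent_code() {
  ( cd "$1" && find . -type f \( -name '*.js' -o -name '*.php' -o -name '*.phtml' \) \
      -mtime "-$2" | sort )
}

# Constructed sample trees so the script runs offline.
make_sample() {
  _root=$(mktemp -d)
  mkdir -p "$_root/clean/js" "$_root/live/js"
  echo 'function pay(){}' > "$_root/clean/js/checkout.js"
  echo '<?php // index' > "$_root/clean/index.php"
  cp -R "$_root/clean/." "$_root/live/"
  echo '/* constructed: appended line */' >> "$_root/live/js/checkout.js"
  echo '<?php // constructed extra file' > "$_root/live/js/cache.php"
  echo "$_root"
}

sample=$(make_sample)
integrity_report "$sample/clean" "$sample/live"
rm -rf "$sample"
```

Because a Magecart infection can sit unnoticed for weeks, run the report against the oldest backup you still have as well as the newest; a file that is MODIFIED against both deserves the first look with `diff`.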

Solving this issue can be very technical. If you are not comfortable with the technicalities, don’t hesitate to consult Astra Security. With their rich experience in the domain of cyber-security, Astra Security ensures a quick solution to this issue. Contact them now to solve the problem of Magento getting hacked with Magecart within a few hours!

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.