“Magento and Adobe Commerce are no strangers to endanger an actors, in view of their widespread use to power and pay the payment card data,” CSO, CEO of security firm Watchtower, Benjamin Harris told CSO. “We can expect such serious weaknesses to enable magic-style attacks and payment data theft. Given the history of in-walled exploitation against Magento and emergency nature of this update, we firmly urge out organizations to immediately patch the organizations.”
The magecart refers to a section of attacks in which hackers compromise on the online store and inject malicious scripts to the payment form to steal the customer payment card data during the checkout. These scripts, also known as web skimmers, have been used by many attacker groups, but are derived from the word magento, which is one of the first platforms targeted with this technique through weak extensions.
While web skimming and form-jacking dominated the ecommerce danger scenario between 2010 and 2020, Magcart-style attacks remain active. The Ecommerce Security firm SANSEC report adds an average of 30 new web skimming signatures per day last year.
