Security researchers have discovered another major digital skimming campaign, this time compromising over 960 e-commerce sites in just a day.
Sanguine Security, which produces a malware scanning tool for popular e-commerce software platform Magento, revealed the findings in a tweet on Friday.
It described the discovery as “the largest automated campaign to date” – with 962 sites infected with the infamous Magecart code.
That’s far higher than the previous number of 700 online stores and indicates a highly automated operation, as the attacks happened in a 24-hour period with victims located around the world.
It’s believed the attacks could be the result of hackers exploiting a vulnerability in Magento.
In March, for example, a critical SQL injection (SQLi) flaw was revealed that allows remote code execution. Although the vendor patched it, the flaw may still be exposing countless organizations to the risk of attack.
The destructive power of Magecart has been plain to see over recent months. Just today, airline BA was fined over £183m for failing to protect its web infrastructure from a Magecart attack last year, leading to the compromise of personal data on around 500,000 customers.
Multiple attack groups are known to be using the JavaScript skimming code: some work to target individual sites directly, such as the attacks on BA and US e-commerce firm Newegg, while others compromise supply chain partners.
The latter appears to be what happened here, with a possible Magento flaw giving attackers simple access to hundreds of sites running the insecure version of the CMS software.
Sanguine Security has published the new version of the skimming code on GitHub Gist, although confirmed details on how this most recent attack worked have yet to emerge.