Topic: Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets

Antus67

By Ionut Arghire on July 12, 2019

The Magecart hackers have managed to infect over 17,000 domains by targeting improperly secured Amazon S3 buckets, RiskIQ reports.

The hackers came under the spotlight last year, after a series of high-profile attacks against websites including Ticketmaster, British Airways, and Newegg. The most recent of their attacks were hitting campus e-commerce sites and Picreel and Alpaca Forms.

Starting in early April, the hackers adopted a new shotgun approach where they would actively scan for misconfigured Amazon S3 buckets that would allow anyone with an Amazon Web Services account to read or write content to them.

The actors would then check if the misconfigured buckets had any JavaScript files (ending in .js) and then download these files, append their skimming code to the bottom, and overwrite the original script on the bucket, RiskIQ reveals.

Full article here: https://www.securityweek.com/magecart-hackers-infect-17000-domains-insecure-s3-buckets
Windows Defender
VoodooShield 5.01
Trojan Remover
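
A defender-side check for the misconfiguration and tampering pattern described in the post above, as an added example that is not part of the original post or the RiskIQ report: it flags bucket ACL grants to the predefined "everyone" and "any AWS account" groups, and reports data appended to a script relative to a known-good copy. The ACL document and script contents are constructed samples, and the function names are hypothetical.

```python
import json

# Predefined S3 grantee groups: everyone, and anyone holding any AWS account.
BROAD_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def risky_grants(acl):
    """Return (audience, permission, severity) for each grant to a broad group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        audience = BROAD_GROUPS.get(grantee.get("URI", ""))
        if grantee.get("Type") == "Group" and audience:
            perm = grant.get("Permission", "")
            # Write-class grants let outsiders overwrite hosted scripts.
            severity = "critical" if perm in WRITE_PERMS else "review"
            findings.append((audience, perm, severity))
    return findings


def appended_bytes(baseline, served):
    """Return the tail if served is baseline plus extra data, empty bytes if equal, else None."""
    if served == baseline:
        return b""
    if served.startswith(baseline):
        return served[len(baseline):]
    return None  # changed in some other way; needs a full diff


# Constructed sample in the shape printed by `aws s3api get-bucket-acl`.
SAMPLE_ACL = json.loads("""
{"Owner": {"ID": "example-owner-id"},
 "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "WRITE"}
 ]}
""")
# Constructed script contents: the released copy and what the bucket now serves.
BASELINE_JS = b"function track(e){return e.type}\n"
SERVED_JS = BASELINE_JS + b"/* unexpected trailing code */\n"

if __name__ == "__main__":
    for audience, perm, severity in risky_grants(SAMPLE_ACL):
        print(f"[{severity}] {perm} granted to {audience}")
    print("appended:", appended_bytes(BASELINE_JS, SERVED_JS))
```

Bucket policies can also grant broad access, so an ACL check like this covers only one of the two places the permission can be set.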