Adobe urged customers using the Magento 1 e-commerce platform to upgrade to the latest version of Adobe Commerce after security company Sansec detected a mass breach of over 500 stores running the platform.
In a statement to ZDNet, Adobe said it ended support for Magento 1 on June 30, 2020.
“We continue to encourage merchants to upgrade to the latest version of Adobe Commerce for the most up-to-date security, flexibility, extensibility, and scalability,” an Adobe spokesperson said.
“At a minimum, we recommend Magento Open Source merchants on Magento 1 to upgrade to the latest version of Magento Open Source (built on Magento 2), to which Adobe contributes key security updates.”
On Tuesday, Sansec released a report showing that hundreds of stores were the victim of a payment skimmer loaded from the naturalfreshmall.com domain.
More than 350 ecommerce stores infected with malware in a single day.
Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.
— Sansec (@sansecio) January 25, 2022
“We invited victims to reach out to us, so we could find a common point of entry and protect other merchants against a potential new attack. The first investigation is now completed: attackers used a clever combination of an SQL injection (SQLi) and PHP Object Injection (POI) attack to gain control of the Magento store,” the researchers explained.
“Attackers abused a (known) leak in the Quickview plugin. While this is typically abused to inject rogue Magento admin users, in this case the attacker used the flaw to run code directly on the server.”
In their examination of one attack, they found the threat actor left 19 backdoors on the system. They recommended victims use a malware scanner to identify all of the instances of malicious files or Magento code that had malicious code added to them.
Sansec noted that even though Adobe has ended support for Magento, thousands of businesses still use it.
Magento has long been a source of issues for Adobe and the online merchants who use it. In November, the National Cyber Security Centre (NCSC) identified a total of 4,151 retailers that had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details.
The majority of the online shops that cybercriminals exploited for payment-skimming attacks were compromised by known vulnerabilities in the e-commerce platform Magento. In February 2021, Magento received a slew of security fixes from Adobe. Specifically, Magento Commerce and Magento Open Source on all platforms were subject to a total of 18 bugs, varying in severity from critical to moderate.
More than 2,000 Magento online stores were hacked in September 2020, attacks that were also spotted by Sansec at the time. Attacks against sites running the now-deprecated Magento 1.x software were anticipated by Adobe, which issued the first alert in November 2019 about store owners needing to update to the 2.x branch.
Adobe’s initial warning about impending attacks on Magento 1.x stores was later echoed in similar security advisories issued by Mastercard and Visa.
Even the FBI warned in 2020 that hackers were exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers’ payment card data.
