Malware protection for merchants. Fundamental research on PII leaks, keyloggers, e-skimmers, cryptominers and Magecart.
Jan 25, 2022 • 4 tweets • 1 min read
More than 350 ecommerce stores infected with malware in a single day.
Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.
Another batch got hacked last night, bringing the total to 461 compromised stores.
Sep 14, 2020 • 8 tweets • 2 min read
UPDATE Nearly 2000 Magento stores got hacked over the weekend, which is - by far - the largest automated campaign to date. Malware loader: mcdnn[.]net. Exfil: imags[.]pw
sansec.io/research/large…
Possibly linked to a Magento 1 0day exploit that was put up for sale for $5000 a few weeks ago.
Jan 25, 2020 • 8 tweets • 3 min read
Indonesian police arrest 3 Magecart hackers who ran a skimming operation since 2017. They recently registered "magecart[.]net" for payment interception. sansec.io/labs/2020/01/2…
One suspect admitted on live television that he had injected payment skimmers on foreign stores since 2017. He claimed to have earned enough money "to buy a jacket".
Jan 23, 2020 • 4 tweets • 2 min read
Skimmers write actual spaghetti code... In an unexpected plot twist, card-stealing malware was disguised as Italian cuisine. #magecart #webskimmer 1/3
Normally criminals go out of their way to hide their work, but this pasta fan didn't seem to care. Also, the card collection server is pizdasniff[.]site, which is proper Russian for "pussyskimmer". 2/3