Posted on November 16, 2018 at 9:27 PM

Reappearance of Magecart Malware to Infect Virtual Stores

Technological advances have been made so that harmful agents such as malware and viruses steal any type of personal and financial information from virtual stores and their customers. Recently, a story has circulated where many of these online stores have faced the Magecart malware, which aimed to steal all personal data and credit cards of customers but again appeared after a cleaning and measures that were taken against this problem, according to recent reports.

Willem de Groot is a Dutch security researcher, who has declared that 1 in 5 stores affected by the malware did their respective cleaning; some repeated the process up to 18 times. Willem, in turn, is the creator of MegaReport, software to scan malware for online stores, with which you can also assess their vulnerability.

This Dutch researcher assures that during the months of August, September, and October, the scanner that the development could detect a malicious virus that shares similarity with the Magecart card present in approximately 5,400 domains. He has also been conducting an infection tracking research since 2015 and has been found with the same Magecart infections in 40,000 domains since then.

The stores have taken action quickly in the face of this problem, and many of them carried out their respective cleanups and eliminated the malicious virus. It is estimated that the Skimmers, for their part, insisted at least an average of 12.7 days.

The main problem is that the affected merchants, despite making the greatest efforts of these malignant agents, could not completely close all the points on which the hackers rely to violate the systems, so the cleaning operations did not help much.

According to the research, the results estimate that 21.3% of the stores that carried out cleanups were subsequently reinfected with the same malware. A large number of stores were affected after the cleanups on the first day or a week, according to the victims in general, the malicious software appeared in an average of 10.5 days. A clear example of the virtual stores that were affected are Kitronik.co.uk (4 times), TechRabbit.com (2 times), Zapals.com (4 times) and Feedify after having done the first cleaning, the malware reappeared.

For his part, Willem claims to have seen the online store Infowars Alex Jone affected by the Magecart virus, and this led him to make a hypothesis of what could be causing the constant reinfection of the same virtual stores that were violated a first time. Although the merchants have taken their own measures, they are not enough and fail; therefore the problem must be faced in another more effective way to eradicate the reappearance of it.

• The main objective of Magecart is to dirty the back doors of the pirate virtual stores using fake administrator accounts.
• The mechanisms used for reinfection are based on activating databases and doing periodic hidden tasks to reappear.
• Obfuscation techniques allow Magecart to be present without being able to distinguish it from the legal code.

That is why a simple cleaning is not enough; you need to be very meticulous in the alternatives to deal with a harmful agent that infiltrates the systems to steal financial data and credit cards. The Dutch researcher ensures that the agents behind Magecart become increasingly professional and improve attack techniques.