Zscaler Finds Scams On Magento’s Platform

Zscaler has uncovered online scams on Magento’s eCommerce platform that collect credit card information from unsuspecting consumers. There are also tech support pop-up scams that employ scare tactics to encourage the user to call paid support services to remove fake viruses.

New research from Zscaler highlights an online scam to obtain credit card information from Magento’s eCommerce platform. Over the last three months, hackers have compromised over 400 retail sites that run Magento. The hackers injected malicious JavaScript into the sites, and users are taken to a fake payment page where their information is stolen after it is entered.

Also, new “tech support pop-up scams” are targeting websites that run on the DotNetNuke (DNN) content management system. The fake tech support pages use scare tactics and pop-up ads that tell the user that their computer is infected and instruct the user to call a paid support service to remove the infection.

Over a period of three months, Zscaler has found around 2,000 distinct pages with injected malicious JavaScript.

Another variant of the tech support pop-up drops an audio file called “help-msg.mp3.” The file instructs the user to call the tech support toll-free number in order to remove a backdoor Trojan from the user’s computer.

Magento eCommerce is used by many websites to integrate payments into their portals. Credit card hijack attacks are not new and remain a data leakage threat. Many users are not able to identify fake forms in the payment pages of a genuine website, so the user believes that the fake payment page is genuine and inputs their credit card information.

According to Zscaler, the affected Magento platforms include versions of Community Edition, as well as Enterprise Edition. Most of the sites with Magento eCommerce version 1.9 were injected with malicious JavaScript code.

Content management systems and platforms are targeted by cybercriminals, but it is not clear how the platforms become infected. It could be through false server administration credentials or by exploiting a weakness in the platform.

Zscaler is actively monitoring the threats related to the tech support scams and Magento credit card hijack campaign, but it advises administrators to keep their websites patched with the latest security updates.