The software company Volusion, which offers in cloud services to online shops, fell victim to hacking attack. Hackers are sharing malicious code, which records and steals payment card details that are imported by users in online forms, when purchasing them.
Volusion had reported having more than 20.000 customers. It is estimated that attack affected about 6.500 stores. However, the number may be larger.
One of the most important customers of Volusion affected, is the Sesame Street Live online store.
The malicious code is still on servers of Volusion and continues to affect the company's customers.
Many large companies are already investigating the attack (Check Point, Trend Micro, RiskIQ).
The file, modified by hackers, is hosted at https://storage.googleapis.com/volusionapi/resources.js [copy] and uploaded to online stores supported by Volusion through the /a/j/vnav.js file.
Details of the malicious code can be found in the analysis, which he published Check Point researcher Marcel Afrahim.
These attacks are very common in the last two years. RiskIQ reported that Magecart attacks have occurred on more than 18.000 sites in recent months.
Usually, hackers exploit vulnerabilities in self-hosted stores and install skimmers.
In this case, they violated a cloud-based platform (Volusion).
In May, some hackers breached the cloud infrastructure of seven companies, which provided services to online stores.
During the summer, there were other such attacks that affected Amazon Web Services accounts. The current attack on Volusion is the first to be detected in Google Cloud.