Wednesday, September 30, 13:50
Home security Volusion: Hackers steal card details from customers of thousands of sites

Volusion: Hackers steal card details from customers of thousands of sites

VolusionThe software company Volusion, which offers in cloud services to online shops, fell victim to hacking attack. Hackers are sharing malicious code, which records and steals payment card details that are imported by users in online forms, when purchasing them.

Volusion had reported having more than 20.000 customers. It is estimated that attack affected about 6.500 stores. However, the number may be larger.

One of the most important customers of Volusion affected, is the Sesame Street Live online store.

The malicious code is still on servers of Volusion and continues to affect the company's customers.

Many large companies are already investigating the attack (Check Point, Trend Micro, RiskIQ).

The hackers they managed to acquire access to Google Volusion Cloud Infrastructure. They then modified a JavaScript file and installed malicious code to capture the card details that users enter when shopping in online stores.

The file, modified by hackers, is hosted at https://storage.googleapis.com/volusionapi/resources.js [copy] and uploaded to online stores supported by Volusion through the /a/j/vnav.js file.

Details of the malicious code can be found in the analysis, which he published Check Point researcher Marcel Afrahim.

According to investigators, the attack is classic example Magecart or web card skimming attack. In this case, the hackers are stealing data cards from online stores (not ATMs).

These attacks are very common in the last two years. RiskIQ reported that Magecart attacks have occurred on more than 18.000 sites in recent months.

Usually, hackers exploit vulnerabilities in self-hosted stores and install skimmers.

In this case, they violated a cloud-based platform (Volusion).

In May, some hackers breached the cloud infrastructure of seven companies, which provided services to online stores.

During the summer, there were other such attacks that affected Amazon Web Services accounts. The current attack on Volusion is the first to be detected in Google Cloud.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

71% of health applications contain at least one serious vulnerability

As revealed in its recent report by Intertrust Technologies, approximately 71% of healthcare and medical applications contain at least one ...

Microsoft: What are its new findings on cyber threats?

Microsoft has published a new 88-page report (Microsoft Digital Defense Report), in which it describes its main findings regarding ...

Microsoft clarifies patch steps for Zerologon defect

Microsoft outlined the steps that customers must follow to ensure that their devices are protected from ongoing ...

Security breach at Kylie Cosmetics exposes customer data

As Kylie Cosmetics announced, a security breach committed in the company that manages its e-commerce platform, Shopify, may ...

NatWest: Provides its customers with free antivirus protection in partnership with Malwarebytes

National Westminster (NatWest) Bank customers now have the opportunity to receive a free copy of their Malwarebytes Premium subscription for up to ...

Swatch: Disables its systems due to cyber attack

The popular Swiss watch and jewelry company, Swatch Group, was forced to close its IT systems ...

Google: Strict reforms for sexual harassment

More than a year after Google filed a lawsuit against senior executives for sexual misconduct, the ...

Medisys: 60.000 customers affected by data breach

According to an announcement by Medisys Health Group, the personal information of about 60.000 of its clients has been affected by a breach that took place ...

Microsoft: Russia is behind most cyber attacks

Russia-based hackers are responsible for most of the attacks - nationally - on Microsoft customers, according to ...

OTE Group: A guide to the digital transformation of society and business

-A total of nine awards and the top distinction ICT Company of the Year, for the second year in the OTE Group, in Impact Business IT ...