It might be time to change a few passwords and check on a few credit cards, as a new malware attack has infected a lot of ecommerce stores in service of stealing your personal information.
Online shopping has become increasingly popular over the last few years, particularly with the pandemic spurring shoppers to stay home and click their way to a new product. Unfortunately, that's exactly what scammers want to hear, as it allows them more opportunities to take advantage of vulnerable users inputting credit card information into any website they can get their hands on.
Subsequently, you may want to do a quick audit of your financial situation, because a security firm has discovered a large malware attack that is affecting nearly 500 ecommerce stores across the web.
Hackers Attach Credit Card Skimmers to Ecommerce Stores
According to a report from Santech, which is an ecommerce malware and vulnerability detection firm, approximately 500 ecommerce stores were infiltrated by Magecart, the catch-all term for competing cybercrime gangs that target ecommerce stores.
“Last week Sansec detected a mass breach of over 500 stores running the Magento 1 ecommerce platform. All stores were victim of a payment skimmer loaded from the naturalfreshmall.com domain.”
The hackers attached digital credit card skimmers to payment pages across these sites. If you visit one of these ecommerce sites, the malware displays a fake pop-up window disguised as a payment page for a product you're interested in. Once you fill it out with your information, it gets sent right to the hackers, which is not where you want it to be.
More than 350 ecommerce stores infected with malware in a single day.— Sansec (@sansecio) January 25, 2022
Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.
How to Avoid Getting Scammed
To be fair, this is a pretty advanced malware attack that is admittedly hard to avoid. In fact, spotting digital card skimmers on a website is nearly impossible for someone that doesn't have the proper training.
Fortunately, Sansec has offered to help potential victims of this malware attack to “run a clean-up and investigation, free of charge.” All you have to do is reach out and they'll help you get yourself back in order.
As for your overall ecommerce experience, there are some ways you can lessen your chances of getting scammed when it comes to shopping online. To start, antivirus software that specifically targets malware is the best way to at least have a first line of defense when it comes to any online threats.
Additionally, if you just want to be a bit safer online, you can always utilize a password manager or a VPN to protect your accounts and hide your online activity from potential nefarious cybercriminals.