One in five Magecart-infected stores get reinfected within days

Online stores that have been infected with the Magecart malware --known to record and steal credit card details from checkout forms-- often get reinfected after clean-up operations, a recent report has revealed.

"In the last quarter, 1 out of 5 breached stores were infected (and cleaned) multiple times, some even up to 18 times," said Willem de Groot, a Dutch security researcher and the creator of MageReport, an online malware and vulnerability scanner for online stores.

De Groot says he's tracked Magecart-like infections on more than 40,000 domains since 2015. The researcher says that during August, September, and October, his scanner detected Magecart-like card skimming malware on over 5,400 domains.

Skimmers persisted on average for 12.7 days, but in most cases, shop owners intervened and removed the malicious code.

ZDNet: Black Friday 2018 deals: Business Bargain Hunter's top picks | Cyber Monday 2018 deals: Business Bargain Hunter's top picks

However, despite their best efforts, some online merchants failed to properly close hackers' entry points during clean-up operations.

He says that 21.3 percent of the cleaned shops got reinfected. A large number of reinfections occurred within the first day, or after a week, but on average, the reinfection time was 10.5 days.

"Public examples of stores battling with reinfections are TechRabbit.com (2 times), Kitronik.co.uk (4 times) and Zapals.com (4 times)," de Groot said. Feedify can also be added to this list, being also reinfected twice after cleaning an original infection.

De Groot, who just yesterday spotted a Magecart infection on Alex Jones' Infowars online store, blames the reinfections on a combination of factors.

"This shows that countermeasures taken by merchants and their contracted security firms often fail. There are multiple reasons for this," he said. The expert listed:

• Magecart operatives often litter a hacked store with backdoors and rogue admin accounts.
• Magecart operatives use reinfection mechanisms such as database triggers and hidden periodic tasks to reinstate their payload.
• Magecart operatives use obfuscation techniques to make their presence indistinguishable from legitimate code.
• Magecart operatives utilize unpublished security exploits (aka 0days) to hack sites, exploits for which there are no patches.

"All in all, it takes some very keen eyes and a lot of effort to clean all traces of a breach," he said.

De Groot also asserts that Magecart groups have gotten more professional in recent years, an assessment consistent with the findings of a 60-page report published this week by RiskIQ and Flashpoint, which shed some light into the operations of seven major Magecart criminal groups.

How to discover and destroy spyware on your smartphone (in pictures)

Related cybersecurity coverage:

• US Cyber Command starts uploading foreign APT malware to VirusTotal
• States activate National Guard cyber units for US midterm elections
• Alex Jones sues PayPal after InfoWars banned for 'hate and intolerance' CNET
• Cisco removed its seventh backdoor account this year, and that's a good thing
• Data of nearly 700,000 Amex India customers exposed via MongoDB server
• Hackers breach StatCounter to hijack Bitcoin transactions on Gate.io exchange
• Adobe acquires Magento in bid to become Salesforce for SMBs TechRepublic
• Canada Post leaked personal data, orders of thousands of cannabis smokers

Best Black Friday 2018 deals:

• Amazon Seven Days of Black Friday Deals: All-time lows on office devices
• Amazon Black Friday 2018 deals: See early sales on Echo, Fire HD
• Best Buy Black Friday 2018 deals: Deep discounts on Apple Mac, Microsoft Surface
• Target Black Friday 2018 deals: $250 iPad mini 4, $120 Chromebook
• Walmart Black Friday 2018 deals: $99 Chromebook, $89 Windows 2-in-1
• Dell Black Friday 2018 deals: $120 Inspiron laptop, $500 gaming desktop
• Newegg Black Friday 2018 deals: $50 off Moto G6, $70 off Nest thermostat
• Office Depot Black Friday 2018 deals: $300 off Lenovo Flex, $129 HP Chromebook
• eBay Black Friday 2018 deals: See early sales on Galaxy Watch, Chromecast
• Lenovo Black Friday 2018 deals: ThinkPad laptops and more
• Microsoft Store Black Friday 2018 deals: Ad showcases Surface, laptop deals
• Windows laptops Black Friday deals: Dell, HP, Lenovo
• Chromebook Black Friday 2018 deals: Dell, Google, HP
• Best tablet Black Friday deals: Apple iPad, Amazon Fire
• Black Friday 2018 iPhone deals: $400 iPhone X gift card, BOGO iPhone XR
• Black Friday 2018 smartphone deals: OnePlus 6T, LG G7