Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts
Security researchers say they've identified at last 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware.
"The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials," Flashpoint researchers say.
"Brute-force attacks such as these are simplified when admins fail to change the credentials upon installation of the platform," researchers add. "Attackers, meanwhile, can build simple automated scripts loaded with known credentials to facilitate access of the panels."