Hackers attacked Volusion cloud-based e-commerce platform

Attackers compromised the infrastructure of Volusion’s cloud-based e-commerce platform and injected malicious code that steals bank card data entered by users into online forms.

Currently, the malicious code has not yet been removed from the Volusion servers, and it still compromises the company’s client stores.

It is already known that 6,500 stores were affected by this attack, but in the end their number may turn out to be even higher, since last month Volusion announced that it already serves more than 20,000 customers. One of the largest victims of the incident was the Sesame Street Live store, which has currently suspended operations.

Reference:

Volusion describes itself as a leading e-commerce solution for small businesses. With its powerful shopping cart software, Volusion has helped thousands of merchants, and shoppers have supposedly spent more than $28 billion in transactions and placed over 185 million orders on Volusion stores.

Apparently, the incident occurred at the beginning of last month after hackers gained access to the Volusion infrastructure in Google Cloud, where they modified a JavaScript file; the malicious code now collects all card data entered into online forms.

Volusion representatives do not respond to emails and phone calls from either journalists or researchers from Check Point, Trend Micro, or RiskIQ, who also noticed the hack.

“While all the resources are loading from sesamestreetlivestore.com or volusion.com affiliated websites, there is an odd javascript file being loaded from storage.googleapis.com with interesting bucket name of volusionapi. If you are not aware of it, storage.googleapis.com is a Google Cloud Storage domain name which is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure,” Check Point experts write in their analysis of the infection.

The compromised file is located at https://storage.googleapis[.]com/volusionapi/resources.js and is loaded into Volusion online stores through /a/j/vnav.js. A copy of the infected file can be found here.
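The observation above (every resource comes from the store or from volusion.com except one script pulled from a shared storage bucket) can be turned into a routine check over a page's recorded resource loads. The following JavaScript is an added example, not code from the article, Check Point or Volusion; the entry shape (`type`, `url`, `initiator`), the function names and the sample entries other than the two script paths named above are assumptions constructed for illustration.

```javascript
// Added example: flag script loads from hosts outside a first-party allowlist.
// Input mimics HAR / resource-timing entries; the entry shape is an assumption.

// Shared storage hosts: the host looks trustworthy, but the bucket
// (first path segment) decides who actually controls the content.
const SHARED_HOSTS = new Set(["storage.googleapis.com"]);

// Indicators are often written defanged ("[.]"); refang only for parsing.
function parseUrl(raw) {
  try {
    return new URL(raw.replace(/\[\.\]/g, "."));
  } catch {
    return null;
  }
}

// Exact match or true subdomain, so "xvolusion.com" does not pass as volusion.com.
function isFirstParty(host, allowedDomains) {
  return allowedDomains.some((d) => host === d || host.endsWith("." + d));
}

function auditScriptLoads(entries, allowedDomains) {
  const findings = [];
  for (const e of entries) {
    if (e.type !== "script") continue;
    const u = parseUrl(e.url);
    if (!u) {
      findings.push({ url: e.url, reason: "unparseable-url" });
      continue;
    }
    const host = u.hostname.toLowerCase();
    if (isFirstParty(host, allowedDomains)) continue;
    const finding = { url: e.url, host, initiator: e.initiator || null, reason: "third-party-script" };
    if (SHARED_HOSTS.has(host)) {
      finding.reason = "script-from-shared-storage";
      finding.bucket = u.pathname.split("/").filter(Boolean)[0] || null;
    }
    findings.push(finding);
  }
  return findings;
}

// Constructed sample entries (only vnav.js and resources.js come from the article).
const sampleEntries = [
  { type: "script", url: "https://www.sesamestreetlivestore.com/a/j/vnav.js", initiator: "document" },
  { type: "image", url: "https://www.sesamestreetlivestore.com/v/logo.png", initiator: "document" },
  { type: "script", url: "https://storage.googleapis[.]com/volusionapi/resources.js", initiator: "/a/j/vnav.js" },
  { type: "script", url: "https://cdn.volusion.com/lib.js", initiator: "document" },
];
const FIRST_PARTY = ["sesamestreetlivestore.com", "volusion.com"];
console.log(auditScriptLoads(sampleEntries, FIRST_PARTY));
```

Reporting the bucket name and the initiating script alongside the host gives the reviewer the two facts needed to decide whether a load from shared storage is expected.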

What happened to Volusion is a classic Magecart attack, in which attackers use web skimmers to steal payment card data through online stores rather than through ATMs. Let me remind you that many Magecart groups attack not the stores themselves but various service providers and platforms.


For example, this summer Picreel, Alpaca Forms, AppLixir, RYVIU, OmniKick, eGain and AdMaxim, which provide services to online stores, were compromised for exactly this reason.

Polina Lisovskaya
