It is already known that 6,500 stores were affected by this attack, but the final number may turn out to be even higher, since Volusion announced last month that it already serves more than 20,000 customers. One of the largest victims of the incident was the Sesame Street Live store, which has currently suspended operations.
Volusion describes itself as a leading e-commerce solution for small businesses. With its powerful shopping cart software, Volusion has helped thousands of merchants, and shoppers have supposedly spent more than $28 billion in transactions and placed over 185 million orders on Volusion stores.
Apparently, the incident occurred at the beginning of last month, after hackers gained access to the Volusion infrastructure in Google Cloud and made changes to a JavaScript file. The malicious code now collects all the card data entered into online forms.
Volusion representatives do not respond to emails and phone calls from either journalists or researchers from Check Point, Trend Micro, or RiskIQ, who also noticed the hack.
“While all the resources are loading from sesamestreetlivestore.com or volusion.com affiliated websites, there is an odd javascript file being loaded from storage.googleapis.com with interesting bucket name of volusionapi. If you are not aware of it, storage.googleapis.com is a Google Cloud Storage domain name which is a RESTful online file storage web service for storing and accessing data on Google Cloud Platform infrastructure”, Check Point experts say in their analysis of the infection.
The compromised file is located at https://storage.googleapis[.]com/volusionapi/resources.js and is loaded into Volusion online stores through /a/j/vnav.js. A copy of the infected file can be found here.
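A defender-side check for the pattern described above, as an added example that is not part of the original article: given a list of resources a store page loaded, it flags scripts served from hosts outside the store's own domains. The entry fields (`url`, `type`, `initiator`), the allowlist and the sample data are constructed assumptions.

```javascript
// Added example (not from the article): flag script loads whose host is
// outside the store's own domains. Entry fields (url, type, initiator) are
// an assumed shape, similar to what a HAR export or resource log provides.

// True when host is the allowed domain itself or a subdomain of it.
// Suffix match on ".domain" so "volusion.com.cdn.example" does not pass.
function hostAllowed(host, allowedDomains) {
  return allowedDomains.some((d) => host === d || host.endsWith("." + d));
}

function findForeignScripts(entries, allowedDomains) {
  const findings = [];
  for (const entry of entries) {
    let url;
    try {
      url = new URL(entry.url);
    } catch {
      continue; // skip malformed URLs rather than abort the scan
    }
    const isScript = entry.type === "script" || url.pathname.endsWith(".js");
    if (!isScript) continue;
    const host = url.hostname.toLowerCase();
    if (hostAllowed(host, allowedDomains)) continue;
    findings.push({ host, path: url.pathname, initiator: entry.initiator || null });
  }
  return findings;
}

// Constructed sample: resources a store page might load.
const ALLOWED = ["sesamestreetlivestore.com", "volusion.com"];
const SAMPLE_ENTRIES = [
  { url: "https://sesamestreetlivestore.com/a/j/vnav.js", type: "script" },
  { url: "https://sesamestreetlivestore.com/img/logo.png", type: "image" },
  { url: "https://storage.googleapis.com/volusionapi/resources.js", type: "script",
    initiator: "/a/j/vnav.js" },
  { url: "https://volusion.com.cdn.example/lib.js", type: "script" },
  { url: "not a url", type: "script" },
];

console.log(findForeignScripts(SAMPLE_ENTRIES, ALLOWED));
```

A finding is a prompt for review, not proof of compromise: stores legitimately load scripts from third parties, so the allowlist has to reflect what each page is expected to load.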
What happened to Volusion is a classic Magecart attack, during which attackers use web skimmers and steal payment card data through online stores, rather than through ATMs. Let me remind you that many Magecart groups practice attacks not on the stores themselves, but on various service providers and platforms.
For example, in the summer of this year, Picreel, Alpaca Forms, AppLixir, RYVIU, OmniKick, eGain and AdMaxim, which provide services to online stores, were compromised for exactly this reason.