A new kind of malicious software is circulating around the Internet. This illicit program was crafted with the ability to collect administrator’s data for e-commerce websites. Experts on online security, Sucuri caught one of this bugs creeping around Prestashop’s online store.
Conrado Torquato was the specialist who had unearthed the bug. He said it uses a certain programming script that allows the hackers to gain access company’s server and tally the administrator’s data. Specifically, the cyber junkies had simply created a modified code for displaying the online store’s login page with an additional script that lets them collect the inputted login credentials. This information is then sent automatically to the hacker’s inbox.
Torquato also indicated that the cyber criminals are also able to collect the target’s domain, page URL for the login page as well as the administrator’s login information in full human language. All these findings manifested that the malicious code provides the hackers with all they need to login to their target site legitimately.
But why should they need the hackers still need this information when they have already breached the company’s website and altered its source code? Perhaps these hackers are assuming that Prestashop administrators use the same information with other computer systems which they conduct business with. They could use these data to access those systems as well and steal important information from there.
The researcher also reported that some Gmail addresses which received the allegedly hacked information were removed during the time he was investigating the incident. He guessed that this action might have been done by Google. This initiative was pursued by the search company after having received an abuse report from its users.
It is quite rare that you find cyber criminals stealing login information on online stores. Most of the time, investigators would only catch the culprit by discovering malicious codes which gather credit card details and other payment account information from checkout webforms. The case on Prestashop’s breach is indeed an unusual circumstance that calls for some attention and alarm for many e-commerce stores.
Prestashop is an online, e-commerce platform which provides free, open source Internet business solutions using the PHP programming language. The hackers involved with the breach are obviously masters of this craft. It looks like the cyber crooks are becoming wiser with their evil plot to conquer the online world.