Hackers Steal Customers Payment Data
eCommerce stores built with PrestaShop have been infiltrated by dark web hackers, who continued to wreak havoc on the popular online platform. Recent research done by cyber security analysts revealed that criminal hackers have been busy targeting undiscovered zero-day vulnerabilities found in the older versions of the PrestaShop software.
By leveraging the unreported vulnerability, the threat actors were able to inject a malicious chain of compromised code, with its core performance is to potentially steal the credit card payment information of customers that shop on the platform’s websites.
The hacking attacks that impacted PrestaShop’s created websites include versions 18.104.22.168 or later versions. In addition, some web stores affected utilize 22.214.171.124, and later versions that are associated with SQL injection modules inclusive of the Wishlist 2.0.0 to 2.1.0 module.
So far, an urgent warning was issued by the PrestaShop team that has urged its clients to revise their websites’ security. The hacking breach has affected about 300,000 stores that have utilized the PrestaShop older shopping software.
The cyber attacks launched by the criminal hackers were discovered by cyber analysts, who reported on the current threat targeting the platform. According to the analysts, the hacking group has been actively exploiting the flawed vulnerability with the identifier CVE-2022-36408.
PrestaShop’s Software Breached
The targeted attacks by the dark web hackers were done by accessing one of PrestaShop’s older versions, or modules with exploitable vulnerability associated with SQL injection. Also, according to the PrestaShop team, the security breach could have been related to components from third-party vendors, as they are not certain which components are responsible for the existing flawed vulnerabilities.
According to the team, the hackers were targeting older established shops that have not upgraded their stores to the newer software or PrestaShop’s newest modules. In addition, undiscovered vulnerabilities as well as vulnerable third-party modules could have been part of the problem, as reported in PrestaShop’s security advisory.
The threat actors were able to issue remote commands that utilize a web shell, which they used to infiltrate the checkout page of the affected websites. With the hackers’ fake payment form injected into each hijacked website, the hackers were able to steal the debit and credit cards payment info of the victims.
And as observed by the cyber security team, after the attack, the hackers were able to wipe all traces of the breach, with victims unaware that their websites have even been breached by the criminals.
PrestaShop Security Update
Administrators of compromised sites should check for entries in the access logs of the web server if the attackers weren’t careful with the cleanup of evidence.
They can also check for malicious code injected into files through file modifications and the activation of the attack chain’s MySQL Smarty cache storage. These are some of the additional indications that their websites have been hacked.
PrestaShop’s evidence shows the hackers independently activated the compromised feature. However, the feature is disabled by default, and administrators could also delete it.
To accomplish this, find the file “config/smarty.config.inc.php” and remove the following lines:
Update all currently used modules to the most recent version and install the PrestaShop security update. a href=”https://build.prestashop.com/news/prestashop-1-7-8-7-maintenance-release/” target=” blank” rel=”noreferrer noopener”> Version 126.96.36.199 was just released.
For those who choose to keep using the legacy feature, this security update fortifies the MySQL Smarty cache storage against any code injection vulnerabilities. However, the security update won’t fix the hacking problem, if your website has already been compromised. You can hire an ethical hacker or IT professional to secure your website from criminal hackers.