Credit card gobbling malware found piggybacking on ecommerce sites | Cyber Security

Latest breaking news on

Thanks to Mark Stockley, our resident JavaScript, PHP and jQuery expert, for his help with this article.

Dutch security researcher Willem de Groot, who’s particularly interested in security problems on online payment , recently wrote about a long-running Magento campaign.

Magento is to what WordPress is to blogging – you can run the open source version on your own servers; you can use an partner who’ll run a Magento instance for you; or you can sign up for Magento’s own cloud platform.

Thousands of sites still run their own Magento servers, even in the modern cloud-centric era, for example because they’ve already got a customised warehousing and shipping system with which their ecommerce servers need to integrate.

Unfortunately, de Groot found that many of these sites – more than 7000 in total, he claims – have been infiltrated by cybercrooks in the past six months.

Worse still, de Groot estimates that nearly 1500 of them may have been infected for the entire six-month period.