Actor Claims to Sell Access to Magento-Based Store

A threat actor has recently surfaced on the dark web, claiming to sell access to a Magento-based e-commerce store.

The store reportedly caters to two distinct markets: the Arab region and global customers, including Tier 1 countries such as the United States and European nations.

The cybercriminal has provided a screenshot showcasing the percentage of purchases and payment methods, adding credibility to their claim.

The bidding for access starts at $50, with increments of $25, while a “blitz” option is available for $300.

This incident highlights the persistent vulnerabilities in Magento-based platforms, which have been frequent targets of cyberattacks due to their widespread use in e-commerce.

Magento’s popularity makes it a lucrative target for hackers seeking to exploit vulnerabilities for financial gain.

Magento’s History of Vulnerabilities

According to the post from DarkWebInformer, Magento-based stores have been a focal point for cybercriminals over the years.

Exploits such as CVE-2024-34102, also known as “CosmicSting,” have allowed attackers to compromise thousands of stores by injecting malicious JavaScript into checkout pages.

This technique enables the theft of customer payment data through skimming malware like Magecart, which has plagued the platform since 2010.

In 2024 alone, approximately 5% of all Adobe Commerce and Magento stores were compromised by similar vulnerabilities, affecting major brands like Ray-Ban and National Geographic.

Despite efforts by Adobe and cybersecurity experts to patch these vulnerabilities, many merchants fail to implement updates or follow security guidelines, leaving their systems exposed.

Attackers often combine multiple exploits, enabling them to steal cryptographic keys, access sensitive customer data, and install backdoors for future attacks.

Targeting the Arab Market and Beyond

The threat actor’s focus on both the Arab region and Tier 1 countries underscores the global nature of cybercrime.

In regions like the Gulf Cooperation Council (GCC), where digitalization is high and e-commerce is booming, cybercriminals see ample opportunities.

According to recent reports, UAE and Saudi Arabia account for 40% and 26% of dark web posts related to cybercrime in the region, respectively. These posts often involve selling access to corporate networks or customer databases.

The Arab region’s attractiveness stems from its economic prosperity and technological advancement.

However, this also makes it a prime target for attacks like Magecart skimming or unauthorized access sales. Payment methods tailored for regional markets—such as Sadad in Saudi Arabia—are also vulnerable if integrated into compromised platforms.

Implications and Recommendations

The sale of access to a Magento-based store serves as a stark reminder of the importance of robust cybersecurity measures in e-commerce.

Merchants using Magento are urged to:

• Regularly update their platforms with security patches.
• Implement multi-factor authentication (MFA) for administrative accounts.
• Monitor transactions for suspicious activity.
• Conduct periodic security audits to identify vulnerabilities.

Additionally, businesses operating in high-risk regions like the GCC should prioritize securing localized payment gateways and consider geo-restriction tools to limit exposure.

Also Read:

Hacker Group Leveraging 7z and UltraVNC Tools to Stealthily Deploy Malware

See more