Hackers Go on a Magento Attack Spree Using a Helpdesk Extension

Rafia Shaikh reports:

Cybercriminals are targeting Magento sites running Mirasvit Helpdesk – a popular helpdesk extension. The extension enables site owners to add a “Chat with us” widget on their Magento shops. Mirasvit was vulnerable to security flaws that affect every version of the extension up until version 1.5.2. Security firm WebShield had first published details about these security bugs back in September. While the developers had delivered a prompt fix and released version 1.5.3 in the same month, it appears websites are still using the vulnerable versions.

In his latest report, security researcher Willem de Groot has revealed that hackers are exploiting both these vulnerabilities with the goal of stealing payment card data from the affected stores.

Read more on WCCFtech.

About the author: Dissent

3 comments to “Hackers Go on a Magento Attack Spree Using a Helpdesk Extension”

  1. Catalin Cimpanu - December 29, 2017

    Wow. The text of that article looks familiar. I wonder where I’ve seen it before… hmm

    • Dissent - December 29, 2017

      Is that your exact writing or did they just tweak/borrow liberally or…? I had missed your reporting on this, sorry. For those who would like to read it, it’s at:

      Magento Sites Hacked via Helpdesk Widget

      And if you’re a regular reader of this site and you haven’t already bookmarked Catalin’s reporting on BleepingComputer and on Twitter, you’re missing out on one of the best resources out there.

  2. Anonymous - December 31, 2017

    Catalin, you are a great reporter.
