Neutrino exploit kit attacks hit thousands of Magento shops
Hackers raise drop-dead-dumb red flag
Researchers are warning of a bumbling but large campaign against Magento-powered ecommerce sites that is redirecting users to the Neutrino exploit kit.
It is unclear how many sites have been popped, but admins will notice this drop-dead dumb hint: the attack includes a file named neutrino.php.
Websites using eBay's Magento commerce platform are being targeted through a suspected but as-yet undefined vulnerability in the platform, malware analysts Jerome Segura and Denis Sinegubko say.
Google has blocked more than 8200 sites - and counting - linked to the attacks. The number is increasing by hundreds each day.
The pair warn that users running vulnerable versions of Adobe Flash can be exploited and served the Andromeda or Gamarue malware, which steal banking credentials and enlist machines into a large botnet.
"Since the vulnerability provides access to your database, hackers could use it to create malicious admin users; so it is a good idea to review your site users," Sinegubko of security firm Sucuri says.
MalwareBytes' Segura adds that the criminals are now shifting gears and using different injection patterns and attack vectors.
The Neutrino exploit kit is among the most notorious of the off-the-shelf hacking toolkits popular with ransomware and malvertising slingers.
The Angler exploit kit still reigns supreme but was partially disrupted in a Cisco take down last month.
Researchers tell Vulture South that take down shook up a few campaigns but claim less than half of Angler attackers were affected. ®