Visbot infected HK websites notified risk of credit card data leakage, and release of Magento security guide

In Dec 2016, a Dutch information security researcher (gwillem.gitlab.io) has released a research report on websites installed with Magento, a popular eCommerce application for online transaction, infected with ‘Visbot’ malware. The researcher warned vulnerable Magento websites injected with JavaScript ‘wiretap’ in Oct 2016. Criminals use both JavaScript ‘wiretap’ and ‘Visbot’ malware for ‘online skimming’, i.e. intercepting credit card data in the infected websites.

Some of the Visbot infected websites are hosted in or affiliated with Hong Kong. We have obtained the HK website information from the researcher, and have notified the related ISP or domain registrars to alert their clients for cleanup.

HKCERT has also released the Magento eCommerce Web Application Security Guide to help website owners to remove and protect themselves from the malware: /my_url/guideline/17011201.

Website owners are urged to act promptly if receiving notification from your service provider to prevent credit card data leakage. Even you do not receive any notification, you are advised to take preventive measure to protect your website from any financial loss.