Online Store PrestaShop Exploited to Steal Payment Data

Jamie Kavanagh
August 10th, 2022

The online store platform PrestaShop has been found to be exploited by malicious code that can steal supposedly secure payment information from merchants.

For those outside of the loop, PrestaShop is an eCommerce platform similar to WooCommerce or Magento. It enables websites to add store functionality and handles product listings, checkout, payments and many of the other functions you would expect from a store.

It’s an open source product, managed and maintained by a team of dedicated developers. It is apparently used by over 300,000 stores worldwide, some of which are going to be affected by this exploit.

If you use PrestaShop to power your online store, we recommend updating it right away as there’s a fix for this risk.

How the Exploit Works

The PrestaShop exploit uses a vulnerability within the platform to inject malicious code that can record payment details from store transactions.

The malware continuously monitors checkout pages and records the data entered into them. It then reports that information back so it can be used for nefarious purposes.

Apparently, some PrestaShop plugins are also susceptible to this exploit, though none of them have been named.

The Mitigation

PrestaShop has released a fix in version 1.7.8.7 that strengthens the MySQL Smarty cache storage. The fix should prevent code injection attacks like this one and should be enough to protect stores.

The number of stores affected is unknown, as is the number of successful attacks discovered. If you use PrestaShop, we recommend updating immediately to the latest version to help keep it secure.

If you use older PrestaShop modules that require the MySQL Smarty cache, you should update those as well. The developers of PrestaShop are confident the fix will be enough to keep systems safe, but they did advise updating all modules in addition to the core software.
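As an added example (not code from PrestaShop or from this article), the following triage helper checks whether a store's installed core is older than the 1.7.8.7 release named above and whether it relies on the MySQL Smarty cache storage that the fix hardens. It assumes that PrestaShop 1.7 records its version in a `define('_PS_VERSION_', ...)` line in `config/autoload.php` and that the cache backend is stored under the configuration key `PS_SMARTY_CACHING_TYPE`; neither detail is stated on the page.

```python
"""Triage helper for the PrestaShop advisory above (added example).

Assumptions not stated on the page: the version lives in config/autoload.php
as  define('_PS_VERSION_', '1.7.8.6');  and the Smarty cache backend is the
value of PS_SMARTY_CACHING_TYPE ('filesystem' or 'mysql') in ps_configuration.
Both values are passed in here rather than read from a live install.
"""
import re

FIXED_VERSION = "1.7.8.7"  # release named in the article

# Constructed sample of the relevant line from config/autoload.php.
SAMPLE_AUTOLOAD = """<?php
define('_PS_VERSION_', '1.7.8.6');
"""


def parse_version(autoload_text: str) -> str:
    """Pull the dotted version string out of the _PS_VERSION_ define."""
    m = re.search(r"define\('_PS_VERSION_',\s*'([\d.]+)'\)", autoload_text)
    if not m:
        raise ValueError("_PS_VERSION_ not found in autoload text")
    return m.group(1)


def version_tuple(version: str) -> tuple:
    """Split '1.7.8.10' into (1, 7, 8, 10) so that comparison is numeric.

    A plain string comparison would wrongly rank '1.7.8.10' below '1.7.8.7'.
    """
    return tuple(int(part) for part in version.split("."))


def assess(autoload_text: str, smarty_cache_type: str) -> dict:
    """Return findings for one store as a plain dict.

    needs_core_update: core is older than the fixed release.
    uses_mysql_smarty_cache: the hardened component is in use, which also
        signals that older modules depending on it must be updated too.
    at_risk: both conditions hold.
    """
    version = parse_version(autoload_text)
    needs_update = version_tuple(version) < version_tuple(FIXED_VERSION)
    mysql_cache = smarty_cache_type.strip().lower() == "mysql"
    return {
        "version": version,
        "needs_core_update": needs_update,
        "uses_mysql_smarty_cache": mysql_cache,
        "at_risk": needs_update and mysql_cache,
    }
```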
