Malware Injection Prevalent on eCommerce Sites

Thursday, June 18, 2015 @ 02:06 PM gHale

Visitors clicking on eCommerce sites have a good chance of suffering from client side injected malware, a new report said.

Fifteen to 30 percent of visitors could end up infected, according to a whitepaper from Namogoo, an online security firm.

Malware May: Most Threats Recorded in ‘15
Breach Detection, Mitigation Still Slow
SaaS Breaches Very Costly
DDoS Attacks on Rise in Q2: Report

Namogoo said the sites, which they cannot name, are among some of the most popular travel sites.

Namogoo identified over 25,000 injector signatures with an average of 200 new ones appearing daily. Injected ads made an estimated $7 billion in revenue last year. There are plenty of ways average users can fall victim to the malicious software.

“We even see anti-virus companies using their software to secretly infect consumers with CSIM. It’s a startling but unfortunate truth,” said Namogoo co-founder and Chief Executive Chemi Katz.

In the last six months assaults increased by 20 percent, researchers said this is a sign the bad guys are becoming more aggressive. Certain industries such as travel and luxury goods have seen more concentrated effort in the use of the malware as users have been more likely to click the false ads and make larger purchases when visiting these sites.

“It doesn’t make sense to expect uneducated consumers to protect themselves against increasingly sophisticated malware,” said co-founder and COO Ohad Greenshpan. “Our technology shifts that burden to the brands, where it’s a much fairer fight. We’ve been working with a lot of major U.S. and EU e-commerce companies, and the problem is a lot bigger than people think.”

To prevent the malware from siphoning revenue and disrupting a website’s visitor experience Namogoo said companies should raise awareness among stakeholders of the risk.

Click here to download the whitepaper.