Dark Web News Analysis
The dark web news reports a “Code Red,” active, and catastrophic breach of a Chilean e-commerce shop running on the PrestaShop platform.
This is not a simple data leak. An Initial Access Broker (IAB) is selling “live, persistent Administrative Access” to the site’s backend for a high price ($5,000 – $10,000).
The “smoking gun” is the seller’s proof of access: they claim (and show evidence) that they have already been compromising the site, having “redirected 5,674 card payments last month.”
This is a classic, high-severity “Magecart” (web skimming) attack. The attacker is not selling a stale database; they are selling the live machine that “skims” new credit cards, in real-time, as customers type them in.
The key capability is the “ability to inject JavaScript code,” which is the exact mechanism of a Magecart attack. The attacker places malicious JavaScript on the payment page, and this code steals all payment data (Card #, CVV, Name, Address) before it even hits the shop’s server.
Key Cybersecurity Insights
This is a high-severity, “Code Red” financial fraud emergency. The threat is live, active, and ongoing.
- CATASTROPHIC: “Live Magecart / Web Skimming” Attack: (As noted). This is the #1, catastrophic, immediate threat. The shop’s customers are actively having their credit cards stolen right now. The “5,674 redirected payments” proves the malicious JavaScript is live and working. This is a catastrophic, Level 1 violation of the PCI-DSS (Payment Card Industry Data Security Standard).
- “The ‘IAB’ & The ‘Persistent Breach’”: (As noted). The seller is an Initial Access Broker. The “last month” data proves this is not a new breach. The attacker has been inside the admin panel for weeks (or months), undetected. The shop is still compromised. The seller is now “cashing out” by selling their persistent, “golden key” access to another criminal group for a high price.
- “The ‘High Price’ = High Traffic”: (As noted). The $5k-$10k price confirms this is not a small, dead shop. It’s an active, high-traffic Chilean e-commerce site, which makes the “skimming” operation highly profitable and justifies the asking price.
- Catastrophic Regulatory Failure (Chile – Law 19.628): (As noted). This is a severe data breach under Chile’s Law 19.628 (On the Protection of Private Life). The company is legally required to report this. The fines from both the regulator and PCI-DSS (which can be $500,000+) will be company-ending.
Mitigation Strategies
This is a “Code Red,” “Assume Breach” incident. The only priority is to stop the live skimming.
For the (unnamed) Chilean Shop:
- MANDATORY (Priority 1): “KILL SWITCH” NOW. Immediately take the website offline or (at minimum) disconnect the payment gateway. You are actively leaking customer credit cards every second.
- MANDATORY (Priority 2): Activate “Assume Breach” IR Plan: (As suggested). This is a “Code Red.” Engage a PCI-DSS Forensic Investigator (PFI) immediately. This is a legal requirement now.
- MANDATORY (Priority 3): Hunt for the Malicious JS: (As suggested by CSP). The first technical step is to scan all .js files, all PrestaShop theme files (.tpl), and (critically in PrestaShop) all database “HTML block” modules to find the injected skimming code.
- MANDATORY (Priority 4): Force Password Reset & Enforce MFA NOW! (As suggested). The admin account is compromised. Force a password reset on all admin/employee accounts and enforce Multi-Factor Authentication (MFA).
- MANDATORY (Priority 5): Report to Regulators & Banks: Immediately report this to Chile’s CMF (Financial Market Commission), the AAIP (for Law 19.628), and all payment processors (e.g., Visa, Mastercard, Transbank).
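The hunt in Priority 3 can be started with a heuristic first pass over the theme files and the exported HTML-block rows. The scanner below is an added example written for this post, not Brinztech tooling and not anything from the forum listing; it assumes the theme/module tree is readable on disk, that the HTML-block rows have already been exported from the database as text, and every sample file, host name and allowlist entry in it is constructed.

```python
import re
from pathlib import Path

# Heuristic indicators of injected skimming code (assumption: a starting set, not a complete signature list)
INDICATORS = {
    "obfuscation":  re.compile(r"\b(?:eval|atob|unescape|String\.fromCharCode)\s*\(", re.I),
    "form_capture": re.compile(r"addEventListener\s*\(\s*['\"](?:submit|blur|change)['\"]|\bdocument\.forms\b", re.I),
    "card_fields":  re.compile(r"\b(?:cvv|cvc|cvv2|card_?number|ccnumber|cc_?exp|expiry)\b", re.I),
    "exfil_beacon": re.compile(r"new\s+Image\s*\(|navigator\.sendBeacon|\bfetch\s*\(|XMLHttpRequest", re.I),
    "long_encoded": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
}
# <script src="//host/..."> pointing at a host that is not on the shop's own allowlist
SCRIPT_SRC = re.compile(r"<script[^>]*\ssrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)

def scan_text(text, allowed_hosts):
    """Return the indicator names that fire on one script, template or HTML-block row."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    for m in SCRIPT_SRC.finditer(text):
        host = m.group(1).lower()
        if host not in allowed_hosts:
            hits.add("external_script:" + host)
    return hits

def is_suspect(hits):
    """Flag an unknown script host, capture+exfil together, or obfuscation next to card field names."""
    if any(h.startswith("external_script:") for h in hits):
        return True
    if "exfil_beacon" in hits and ("form_capture" in hits or "card_fields" in hits):
        return True
    return ("obfuscation" in hits or "long_encoded" in hits) and "card_fields" in hits

def scan_sources(sources, allowed_hosts):
    """sources: {label: text} for theme .js/.tpl files plus HTML-block rows exported from the database."""
    hits = {label: scan_text(text, allowed_hosts) for label, text in sources.items()}
    return {label: (sorted(h), is_suspect(h)) for label, h in hits.items()}

def load_theme_files(root):
    """Collect every .js and .tpl file below a PrestaShop theme or module directory."""
    return {str(p): p.read_text(errors="replace")
            for p in Path(root).rglob("*") if p.suffix in (".js", ".tpl")}
# Constructed samples (not files from any real shop) so the block runs offline
SAMPLES = {
    "theme.js": "document.querySelector('#menu').addEventListener('click', toggleMenu);",
    "checkout.tpl": '<script src="//static.shop.example/app.js"></script>\n<form id="payment"></form>',
    "htmlblock_row_7": '<script src="//cdn.example.invalid/jquery.min.js"></script>',
    "footer.js": "document.addEventListener('submit', function(){var c=document.forms[0].cvv;"
                 "new Image().src=atob('Q09OU1RSVUNURUQ=');}); /* constructed, non-functional */",
}
ALLOWED = {"static.shop.example"}
```

Run `scan_sources(load_theme_files("/path/to/themes") | exported_html_block_rows, ALLOWED)` and review every entry flagged suspect by hand; a hit is a lead for the forensic investigator, not a verdict.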
For the CUSTOMERS of the (unnamed) Chilean Shop:
- CRITICAL (Priority 1): Cancel Your Card NOW. If you shopped at any Chilean PrestaShop site “last month” (i.e., October 2025), call your bank immediately and cancel your credit card. Assume it is compromised.
- CRITICAL (Priority 2): Monitor Statements 24/7: Check your bank statements now for fraudulent charges.
Questions or Feedback? This analysis is based on threat intelligence from a dark web forum. A breach involving live admin access and proven, active credit card skimming (Magecart) is one of the most severe, time-sensitive, and financially devastating attacks an e-commerce business can suffer. Brinztech provides cybersecurity services worldwide and does not endorse or guarantee the accuracy of external claims. For any inquiries or to report this post, please email: contact@brinshtech.com