Security researchers spotted a new massive payment card skimming campaign that already compromised 962 online stores running on the Magento CMS. Sanguine Security researcher Willem de Groot, who uncovered the attacks, believes that the cybercriminals behind the campaign somehow managed to automate the attacks seeing that the card skimming script was added within a 24-hour timeframe, which is nearly impossible to do manually in such a short time.
According to de Groot, the list of hacked sites includes victims from around the world and while most of them are small, several stores belong to large enterprises.
The security researcher who is known online as Micham discovered another attack attributed to the Magecart group, hackers injected a malicious skimmer in the The Guardian site via old AWS S3 bucket and using wix-cloud[.]com as a skimmer gate.
Magecart – is an umbrella term used to cover a number of cybercriminal groups specializing in skimming credit card details from unsecured payment forms on websites. Security firms have been tracking the activities of a dozen Magecart groups since at least 2015. The hacking groups implant skimming script into compromised online stores in order to steal payment card data, but they are quite different from each other and some of them use more advanced techniques, in particular, Group 4 appears to be more sophisticated.