8 July 2019

A large-scale Magecart campaign hits over 960 e-commerce stores

A large-scale Magecart campaign hits over 960 e-commerce stores

Security researchers spotted a new massive payment card skimming campaign that already compromised 962 online stores running on the Magento CMS. Sanguine Security researcher Willem de Groot, who uncovered the attacks, believes that the cybercriminals behind the campaign somehow managed to automate the attacks seeing that the card skimming script was added within a 24-hour timeframe, which is nearly impossible to do manually in such a short time.

Although Sanguine Security did not share information on how exactly such automated Magecart attacks against e-commerce websites would work the procedure most likely involved scanning for and exploiting security flaws in the stores' software. De Groot speculates that threat actors may have compromised the sites that were not patched against PHP object injection exploits. The company is still investigating the incident so at the moment it is unclear how the online stores were hacked, but the researchers have decoded the JavaScript-based payment data skimmer script and uploaded it to GitHub Gist. The skimmer script is able to gather credit card data, names, phones, and addresses from compromised websites.

According to de Groot, the list of hacked sites includes victims from around the world and while most of them are small, several stores belong to large enterprises.

The security researcher who is known online as Micham discovered another attack attributed to the Magecart group, hackers injected a malicious skimmer in the The Guardian site via old AWS S3 bucket and using wix-cloud[.]com as a skimmer gate.

Magecart – is an umbrella term used to cover a number of cybercriminal groups specializing in skimming credit card details from unsecured payment forms on websites. Security firms have been tracking the activities of a dozen Magecart groups since at least 2015. The hacking groups implant skimming script into compromised online stores in order to steal payment card data, but they are quite different from each other and some of them use more advanced techniques, in particular, Group 4 appears to be more sophisticated.

Back to the list

Latest Posts

New espionage campaign targets diplomatic missions and governmental institutions in Eastern Europe

New espionage campaign targets diplomatic missions and governmental institutions in Eastern Europe

The Attor malware comes with some unusual capabilities including the use of encrypted modules, Tor-based communications, and a plugin designed for GSM fingerprinting.
11 October 2019
Iran-linked Charming Kitten APT updates its arsenal with new spear-phishing techniques

Iran-linked Charming Kitten APT updates its arsenal with new spear-phishing techniques

The Iranian state-sponsored hackers Charming Kitten employed new spear-phishing methods in a campaign observed in August and September.
10 October 2019
Hackers hit Volusion e-commerce sites in pursuit of customers’ credit card data

Hackers hit Volusion e-commerce sites in pursuit of customers’ credit card data

It is estimated that more than 6,500 sites are affected, that number could be even higher.
10 October 2019
Featured vulnerabilities
Remote code execution in Bento4 media player
High Not Patched | 13 Oct, 2019
Use-after-free in libvips library
Medium Patched | 13 Oct, 2019
Denial of service in MATIO
Low Not Patched | 13 Oct, 2019
Cross-site scripting in Openfire
Low Patched | 12 Oct, 2019