Magecart Groups Attack Sites


Magecart groups attack sites using a malicious infrastructure named "Magecart" to steal payment details from online shops.

Since March 2016, numerous credit cards and other details have been stolen during payment from dozens of online shops worldwide.


The criminal hackers inject malicious JavaScript code, or a simple keylogger, into the payment details form, and when you click send, your name, address and credit card information, including the CVV, are sent to the hackers' server.

This means that the information is stolen even if the seller worked according to PCI standards and did not keep credit card details in a database after purchase completion.

This method is different than other ways of stealing payment details, such as infecting the buyer’s computer, implanting malware in Point of Sale terminals, or dumping entire databases from breached online shops.

Magecart is software used by a range of hacking groups for injecting malicious code into ecommerce sites to steal payment details.

The hackers all use the same software, specifically to compromise websites built on the Magento e-commerce platform.

One of the most famous hacks was the attack on British Airlines, which had 380,000 card details stolen via this class of attack.

What's new three years later is that, according to research from PerimeterX, multiple Magecart attacks are skimming credit cards from the same sites at the same time.

These don't seem to be coordinated, according to the firm, given that each of the attacks was different in terms of the techniques used to compromise the target retailers.

The tools used are so-called skimming kits, sold on Dark Web forums.

“Cybercriminals are taking advantage of any new opportunity. When a specific type of attack has been published or exposed and studied, many crime groups will try and take advantage of the new attack and the new techniques used in it.”

PerimeterX researchers found the data skimmed in the Sixth June attack being posted to a domain called mogento[dot]info, which was also hosting the skimmer.

Scanning the web for other sites posting data to that same domain uncovered several other infected sites, including tubing-and-valve specialist PEXSuperstore.com.

Further investigation showed that PEXSuperstore was also infected with a second Magecart skimmer, only this one was exfiltrating card data to https://assetstorage[dot]net/PEXSuperstore.com.

“The two skimmers were completely different from each other in terms of code, obfuscation level and complexity,” explained PerimeterX research lead Mickey Alton, in a posting on Monday. “But, both attacks targeted Magento-based sites and used similar methods of code injection, and served malicious first-party code to unsuspecting users.”

More specifically, the Sixth June attacker directly compromised the PEXSuperstore website (i.e., used "first-party code"), with a decoy code snippet that masqueraded as a Google Analytics script.

The second Magecart attacker, on the other hand, compromised the website by simply modifying the website's own script related to the checkout process, injecting skimming code at the bottom of the original script.

The latter is more common, so my advice is to scan your site on a daily basis for changes in code, especially if something new has been added.
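One way to carry out that daily check, as an added example (not code from PerimeterX or from this site): the script records a SHA-256 baseline of the site's script files and, on later runs, reports new, removed and modified files, and flags the case where the original script is intact but code has been added at the bottom. The suffix list and the two command-line arguments (web root, manifest path) are assumptions.

```python
import hashlib
import json
import sys
from pathlib import Path

SCRIPT_SUFFIXES = {".js", ".php", ".phtml", ".html"}  # assumed; adjust to your shop


def snapshot(web_root):
    """Map each script file's relative path to its size and SHA-256."""
    root = Path(web_root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCRIPT_SUFFIXES:
            data = path.read_bytes()
            manifest[path.relative_to(root).as_posix()] = {
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
            }
    return manifest


def compare(web_root, baseline):
    """Return (path, finding) pairs for every difference from the baseline."""
    root = Path(web_root)
    current = snapshot(root)
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings.append((rel, "new file"))
        elif new is None:
            findings.append((rel, "removed"))
        elif new["sha256"] != old["sha256"]:
            # Baseline bytes unchanged but followed by extra bytes means
            # code was appended to the bottom of the original script.
            head = (root / rel).read_bytes()[: old["size"]]
            appended = (new["size"] > old["size"]
                        and hashlib.sha256(head).hexdigest() == old["sha256"])
            findings.append((rel, "code appended" if appended else "modified"))
    return findings


if __name__ == "__main__":
    root, manifest_path = sys.argv[1], Path(sys.argv[2])
    if not manifest_path.exists():  # first run: record the known-good state
        manifest_path.write_text(json.dumps(snapshot(root), indent=2))
    else:
        for rel, finding in compare(root, json.loads(manifest_path.read_text())):
            print(f"{finding}: {rel}")
```

Keep the manifest somewhere the web server account cannot write to, otherwise whoever changes the scripts can also rewrite the baseline. The check only covers files served from your own web root.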
