Archive for the ‘magecart’ Category

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

March 20th, 2019
Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code on e-commerce websites with an intent to steal payment card details of their customers silently.

Posted in banking security, credit card hacking, credit card security, Credit Card Skimmers, Credit card skimming, digital skimmer, magecart, Online Security, website hacking, website security | Comments (0)

A new rash of highly covert card-skimming malware infects ecommerce sites

March 14th, 2019
A new rash of highly covert card-skimming malware infects ecommerce sites

Enlarge (credit: Daniel Foster / Flickr)

The rash of e-commerce sites infected with card-skimming malware is showing no signs of abating. Researchers on Thursday revealed that seven sites—each with more than 50,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase.

One of those sites, UK sporting goods outlet Fila.co.uk, had been infected since November and had only removed the malware in the past 24 hours, researchers with security firm Group-IB told Ars. The remaining six sites—jungleeny.com, forshaw.com, absolutenewyork.com, cajungrocer.com, getrxd.com, and sharbor.com—remained infected at the time this post was being reported. Ars sent messages seeking comment to all seven sites but has yet to receive a response from any of them.

Group-IB has dubbed the JavaScript sniffer GMO after the gmo[.]il domain it uses to send pilfered data from infected sites, all of which run the Magento e-commerce Web platform. The researchers said the domain was registered last May and that the malware has been active since then. To conceal itself, GMO compresses the skimmer into a tiny space that’s highly obfuscated and remains dormant when it detects the Firebug or Google Developer Tools running on a visitor’s computer. GMO was manually injected into all seven sites, an indication that it is still relatively fledgling.

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, eCommerce, fraud, magecart, payment card skimming | Comments (0)

Hackers infect e-commerce sites by compromising their advertising partner

January 16th, 2019
Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as "Magecart Group 12," recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart

Posted in Card Skimming, credit card, credit card hacking, Credit card skimming, Cyber Attack, debit card hacking, e-commerce websites, eCommerce Software, hacking news, JavaScript code, magecart | Comments (0)

E-commerce site is infected not by one, but two card skimmers

November 20th, 2018
E-commerce site is infected not by one, but two card skimmers

Enlarge (credit: Mighty Travels)

Payment card skimming that steals consumers’ personal information from e-commerce sites has become a booming industry over the past six months, with high-profile attacks against Ticketmaster, British AirwaysNewegg, and Alex Jones’ InfoWars, to name just a few. In a sign of the times, security researcher Jérôme Segura found two competing groups going head to head with each other for control of a single vulnerable site.

The site belongs to sportswear seller Umbro Brasil, which as of Tuesday morning was infected by two rival skimmer groups. The first gang planted plaintext JavaScript on the site that caused it to send payment card information to the attackers as customers were completing a sale. The malicious JavaScript looked like this:

A second gang exploited either the same or a different website vulnerability as the first. The second group then installed much more advanced JavaScript that was encoded in a way to prevent other programs from seeing what it did. This is what it looked like:

Read 8 remaining paragraphs | Comments

Posted in Biz & IT, card skimmers, magecart, website security | Comments (0)