Archive for the ‘payment card skimming’ Category

Unless you want your payment card data skimmed, avoid these commerce sites

May 8th, 2019
Unless you want your payment card data skimmed, avoid these commerce sites

Enlarge (credit: Mighty Travels / Flickr)

More than 100 e-commerce sites around the world are infected with malicious code designed to surreptitiously skim payment card data from visitors after they make purchases, researchers reported on Wednesday. Among those infected are US-based websites that sell dental equipment, baby merchandise, and mountain bikes.

In total, researchers with China-based Netlab 360 found 105 websites that executed card-skimming JavaScript hosted on the malicious domain magento-analytics[.]com. While the domain returns a 403 error to browsers that try to visit it, a host of magento-analytics[.]com URLs host code that’s designed to extract the name, number, expiration date, and CVV of payment cards that are used to make purchases. The e-commerce sites are infected when the attackers add links that cause the malicious JavaScript to be executed.

One of the infected sites identified by Netlab 360 is ilybean[.]com, an Orlando, Florida, business that sells baby beanies. As the screenshot below shows, the site executes JavaScript hosted at magento-analytics[.]com.

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, eCommerce, fraud, JavaScript, payment card skimming | Comments (0)

A new rash of highly covert card-skimming malware infects ecommerce sites

March 14th, 2019
A new rash of highly covert card-skimming malware infects ecommerce sites

Enlarge (credit: Daniel Foster / Flickr)

The rash of e-commerce sites infected with card-skimming malware is showing no signs of abating. Researchers on Thursday revealed that seven sites—each with more than 50,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase.

One of those sites, UK sporting goods outlet Fila.co.uk, had been infected since November and had only removed the malware in the past 24 hours, researchers with security firm Group-IB told Ars. The remaining six sites—jungleeny.com, forshaw.com, absolutenewyork.com, cajungrocer.com, getrxd.com, and sharbor.com—remained infected at the time this post was being reported. Ars sent messages seeking comment to all seven sites but has yet to receive a response from any of them.

Group-IB has dubbed the JavaScript sniffer GMO after the gmo[.]il domain it uses to send pilfered data from infected sites, all of which run the Magento e-commerce Web platform. The researchers said the domain was registered last May and that the malware has been active since then. To conceal itself, GMO compresses the skimmer into a tiny space that’s highly obfuscated and remains dormant when it detects the Firebug or Google Developer Tools running on a visitor’s computer. GMO was manually injected into all seven sites, an indication that it is still relatively fledgling.

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, eCommerce, fraud, magecart, payment card skimming | Comments (0)