Magecart Skimmer returns with a new method of attacks


According to the Malwarebytes report, after a long break, Magecart attacks continued and became more secretive. Not only small and medium-sized businesses are under threat: major brands (British Airways, Newegg and Ticketmaster) have already become victims of Magecart cyber attacks.

As part of the Magecart campaign , an attacker can exploit a vulnerability on the CMS server of the site and secretly inject malicious JavaScript code . The code embedded in the payment section on the website collects all the card data entered by the client and sends them to a server controlled by an attacker.

Magecart attacks are difficult to track, as some campaigns are carried out covertly on the server side, since it is easier for scanning tools to detect an attack on the client side.

“If the Magecart operator decides to switch its operations exclusively to the server side, then most companies will immediately lose the ability to detect a malicious campaign”, — said Malware Bytes researcher Jerome Segura.

Recall that a recently launched carding site called “BidenCash” sells credit card data and information about their owners for 15 cents. Also, to
attract an audience, administrators distribute personal data of millions
of users for free.

Start a discussion …