
New web skimmer found in Shopify, BigCommerce, Woocommerce and Zencart stores


Sansec experts have discovered a new multi-platform MageCart skimmer that can steal payment information from compromised stores powered by Shopify, BigCommerce, Zencart and Woocommerce (even if they do not support custom scripts for checkout pages).

Recall that the name MageCart was originally given to a single hacking group, the first to plant web skimmers (malicious JavaScript) on the pages of online stores to steal bank card data. The approach was so successful that the group soon had numerous imitators, and MageCart became a generic term that now denotes the whole class of such attacks.

Typically, web skimmers target one e-commerce platform, but the researchers’ find works differently. Sansec analysts have identified the new malware in dozens of stores across different platforms. The malware steals payment information by displaying a fake checkout page (before customers see the actual payment form) and also uses a keylogger for card data and personal information.

To avoid detection, the skimmer displays an error after customers click the Continue button to submit their bank card information. The victims are then redirected back to the real checkout and payment form.

The skimmer's data exfiltration method is also noteworthy. The attackers use automatically generated domains built from a counter and base64 encoding (for example, zg9tywlubmftzw5ldza[.]com and zg9tywlubmftzw5ldze[.]com). This feature helped researchers determine how long the campaign has been active: the first exfiltration domain was registered on August 31, 2020.
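The domain pattern described above can be hunted for in DNS, proxy or CSP-report logs. The following is an added example, not Sansec's code: because DNS folds hostnames to lowercase, it tries the possible letter cases of each base64 group and keeps labels that decode to letters followed by a counter. That plaintext shape is an assumption drawn from the two quoted domains, and the benign hostnames are constructed.

```python
import base64
import itertools
import re

# Assumption: the encoded text is lowercase letters followed by a decimal
# counter, which is what the two domains quoted in the article decode to.
PLAINTEXT = re.compile(r"[a-z]+[0-9]+")

def group_plaintexts(group):
    """Plaintext chunks that one lowercased base64 group (2-4 chars) could encode."""
    options = [(c, c.upper()) if c.isalpha() else (c,) for c in group]
    found = set()
    for variant in map("".join, itertools.product(*options)):
        try:
            raw = base64.b64decode(variant + "=" * (-len(variant) % 4), validate=True)
            text = raw.decode("ascii")
        except ValueError:  # bad alphabet, bad length or non-ASCII bytes
            continue
        # Keep canonical encodings only, so stray padding bits cannot fake a digit.
        canonical = base64.b64encode(raw).decode().rstrip("=") == variant
        if canonical and re.fullmatch(r"[a-z0-9]+", text):
            found.add(text)
    return found

def recover_label(label):
    """Undo DNS case folding: return counter-style plaintexts hidden in a label."""
    label = label.lower()
    if not re.fullmatch(r"[a-z0-9]+", label) or len(label) % 4 == 1:
        return []
    groups = [label[i:i + 4] for i in range(0, len(label), 4)]
    chunks = [group_plaintexts(g) for g in groups]
    texts = ("".join(parts) for parts in itertools.product(*chunks))
    return sorted(t for t in texts if PLAINTEXT.fullmatch(t))

def flag_hosts(hosts):
    """Map each host to its decoded labels; hosts with no match are omitted."""
    hits = {}
    for host in hosts:
        labels = host.replace("[.]", ".").split(".")  # accept defanged input
        decoded = [t for label in labels for t in recover_label(label)]
        if decoded:
            hits[host] = decoded
    return hits

# Constructed sample: the two defanged domains from the article plus benign hosts.
SAMPLE_HOSTS = ["zg9tywlubmftzw5ldza[.]com", "zg9tywlubmftzw5ldze[.]com",
                "shop.example.com", "static-assets.example.net"]
```

Calling `flag_hosts(SAMPLE_HOSTS)` returns only the two article domains, each with its decoded text, which makes the incrementing counter visible when reviewing hits.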

“To summarize, this campaign shows that different platforms are not an obstacle to profitable online skimming fraud. Wherever customers enter their payment details, they are at risk,” the experts summarize.
