Around 500 e-commerce websites have been infiltrated by MageCart attackers, who apparently installed digital credit card skimmers to harvest users’ personal data, including card numbers, email addresses, phone numbers and more.
MageCart is an umbrella term for rival cyber gangs that crawl e-commerce sites with the sole purpose of slipping skimmers into unsuspecting sites, where the skimmers then run malicious code, according to Sansec, a firm focused on malware detection and e-commerce vulnerabilities.
Once the skimmer is in place, visitors entering payment information for a purchase unknowingly trigger code that relays the data to servers controlled by the attacker.
Sansec discovered the latest round of infiltrations and said the compromised sites used malicious scripts hosted on the naturalfreshmall.com domain.
“The Natural Fresh skimmer displays a fake payment window, defeating the security of a hosted (PCI compliant) payment form,” Sansec tweeted, adding that all payments were directed to a naturalfreshmall payment domain.
The Natural Fresh skimmer displays a fake payment window, defeating the security of a hosted (PCI compliant) payment form. Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php #masshack
— Sansec (@sansecio) January 26, 2022
Hackers made changes to existing files and/or inserted different files that offered “no less than 19 backdoors that hackers could use to keep control of the sites in case the malicious script was detected and removed and the vulnerable software would be updated,” according to Sansec.
“It is essential to eliminate each one of them because leaving one in place means that your system will be affected again next week,” according to an article from Sansec.
The infiltrated files were either entirely malicious, or part of Magento code “but had malicious code added”.
Regardless of the method, Sansec recommends that e-commerce sites run a malware scanner to ensure that any skimmers are discovered.
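As an added illustration (not Sansec's scanner and not code from the report), the following Python sketch checks checkout markup for script, form and iframe references that point at the reported naturalfreshmall.com domain or at any host outside an allowlist. The allowlisted hosts and the sample markup are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator domain from the Sansec report quoted above.
IOC_DOMAINS = {"naturalfreshmall.com"}
# Assumption: hosts this hypothetical shop legitimately loads from or posts to.
ALLOWED_HOSTS = {"shop.example", "pay.example"}
# (tag, attribute) pairs that can load script or receive payment data.
WATCHED = {("script", "src"), ("form", "action"), ("iframe", "src")}


def _matches(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in WATCHED and value:
                self.refs.append((tag, value))


def scan_page(html):
    """Return (severity, tag, url) for each external reference worth review."""
    collector = _Collector()
    collector.feed(html)
    findings = []
    for tag, url in collector.refs:
        host = (urlparse(url).hostname or "").lower()
        if _matches(host, IOC_DOMAINS):
            findings.append(("ioc", tag, url))
        # An empty host means a relative, same-origin URL: not reported.
        elif host and not _matches(host, ALLOWED_HOSTS):
            findings.append(("unknown", tag, url))
    return findings


# Constructed sample markup; only the Payment.php URL comes from the report.
SAMPLE = """\
<script src="/static/js/checkout.js"></script>
<script src="https://naturalfreshmall.com/constructed-sample.js"></script>
<form action="https://naturalfreshmall.com/payment/Payment.php" method="post">
<script src="//stats.unknown.example/t.js"></script>
"""
```

A check like this only sees references present in the served markup; modified Magento files and backdoors on the server still need the file-level malware scan Sansec recommends.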