Security News > 2020 > March > Magecart Cyberattack Targets NutriBullet Website
A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers.
Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer code was first inserted on the website of the blender retailer on Feb. 20, specifically targeting the website's checkout page, where customers input their payment information.
Despite taking down the attacker exfiltration domain, researchers said that they observed the skimmer being removed on March 1, only to be replaced with a new skimmer on the website on March 5.
Researchers again worked with AbuseCH and ShadowServer to take down the new domain; but then, they found another skimmer on the NutriBullet website yet again on March 10.
"We believe the attackers saw that traffic dropped and assumed NutriBullet had cleaned up its site. They then moved the skimmer elsewhere without realizing the domain was defunct."