Security News > 2020 > June > Magecart Hackers Target U.S. Cities Using Click2Gov
Magecart web skimmers were found on the websites of eight cities in the United States and one thing they have in common is that they all use the Click2Gov platform, Trend Micro reports.
Designed for community engagement, reporting of issues, and online payments, the Click2Gov web-based platform is used by local governments across the United States and has been the victim of financially-motivated threat actors in both 2018 and 2019.
As part of the attacks, which likely started on April 10, 2020, the hackers placed a custom JavaScript-based skimmer onto the compromised websites, to harvest and exfiltrate credit card data and the personal information of residents, typical to a Magecart compromise.
The skimming code, which was designed specifically to target Click2Gov payment forms, is triggered when the victim makes an online payment on the compromised website.
"One of the servers was used for three sites, while the other server used for the remaining five sites. The two skimmers used are identical, save for the change in the hostname of the exfiltration servers," Trend Micro fraud researcher Joseph C. Chen explains.