Security News > 2020 > December > Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

Just in time for a busy online holiday shopping season, the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout.

Magecart is an umbrella term encompassing several different threat groups who all use the same attack method: They compromise e-commerce websites to inject card-skimming scripts on checkout pages, stealing unsuspecting customers' payment card details and other information entered into the fields on the page.

The attack does this by pre-filling fake PayPal forms to be displayed during a victim's checkout process instead of the legitimate one, which boosts the likelihood the person shopping will fall victim to the malicious action.

The skimmer even parses info before filling in PayPal forms and, if the data is not good, it actually sends a message back to the page on the victim's site, removing the malicious iframes from the checkout page.

A Magecart spinoff group called Fullz House group targeted an unlikely victim in Boom! Mobile's, targeting the wireless service reseller's website with an e-commerce attack.

News URL

https://threatpost.com/magecart-hijacks-paypal-transactions/161697/