Segway store hacked to steal customers' credit cards

2022-01-25 14:59

Segway's online store was compromised to include a malicious Magecart script that potentially allowed threat actors to steal credit cards and customer information during checkout.

MageCart attacks are when threat actors compromise a site to introduce malicious scripts that steal credit card and customer information when people make a purchase.

One such way is to embed the malicious credit card skimmer in normally innocuous favicon files, image files used to display a small icon in a web page's tab.

In reality, the script loaded an external favicon that contained the malicious credit card stealing script.

While this malicious favicon file does contain an image and is properly displayed by the browser, it also included the credit card skimmer script used to steal payment information.

The telemetry data shows that most customers of the Segway store come from the United States, while Australia follows at second place with a significant 39%. BleepingComputer has contacted Segway to learn more about this attack but did not receive a response at this time.

News URL

https://www.bleepingcomputer.com/news/security/segway-store-hacked-to-steal-customers-credit-cards/

#creditcard #hacked