Security News > 2023 > June > Hackers hijack legitimate sites to host credit card stealer scripts
A new Magecart credit card stealing campaign hijacks legitimate sites to act as "Makeshift" command and control servers to inject and hide the skimmers on targeted eCommerce sites.
A Magecart attack is when hackers breach online stores to inject malicious scripts that steal customers' credit cards and personal information during checkout.
The attackers' first step is to identify vulnerable legitimate sites and hack them to host their malicious code, using them as C2 servers for their attacks.
By distributing the credit card skimmers using legitimate websites with a good reputation, the threat actors evade detection and blocks and are freed from needing to set up their own infrastructure.
The first is a heavily obfuscated version containing a list of CSS selectors that target customer PII and credit card details.
Customers of online shops can minimize the risk of data exposure by using electronic payment methods, virtual cards, or setting charge limits to their credit cards.