Security News

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
2021-11-04 12:51

A new Magecart threat actor is stealing people's payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines so it targets only actual victims and not security researchers. Detecting VMs used by security researchers and sandboxing solutions that are set to pick up Magecart activity is "The most popular method" used to evade detection, Segura said.

Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
2021-07-11 21:00

Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up.

Magecart Goes Server-Side in Latest Tactics Changeup
2021-05-17 21:46

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply injected into vulnerable sites to log the information keyed into online checkout sites, according to Malwarebytes Labs' Threat Intelligence Team.

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons
2021-05-14 04:45

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems.

Magecart Attackers Save Stolen Credit-Card Data in .JPG File
2021-03-16 16:40

Magecart attackers have found a new way to hide their nefarious online activity by saving data they've skimmed from credit cards online in a.JPG file on a website they've injected with malicious code. "The creative use of the fake.JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner," he wrote.

Stealthy Magecart malware mistakenly leaks list of hacked stores
2020-12-18 14:47

A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan on compromised e-commerce sites. Researchers at Sansec, a security company focused on protecting e-commerce stores from web skimming attacks, said that the malware was delivered in the form of a 64-bit ELF executable with the help of a PHP-based malware dropper.

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout
2020-12-01 13:18

Just in time for a busy online holiday shopping season, the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout. Magecart is an umbrella term encompassing several different threat groups who all use the same attack method: They compromise e-commerce websites to inject card-skimming scripts on checkout pages, stealing unsuspecting customers' payment card details and other information entered into the fields on the page.

Ticketmaster cops £1.25m ICO fine for 2018 Magecart breach, blames someone else and vows to appeal
2020-11-13 15:30

Key to the criminals' success was Ticketmaster's decision to deploy a Javascript-powered chatbot on its website payment pages, giving criminals an easy way in by compromising the third party's JS - something the ICO held against Ticketmaster in its decision to award the fine. Ticketmaster 'fessed up to world+dog in June that year, and the final damage has now been revealed by the Information Commissioner's Office: 9.4m people's data was "Potentially affected" of which 1.5m were in the UK; 66,000 credit cards were compromised and had to be replaced; and Ticketmaster itself doesn't know how many people were affected between 25 May and 23 June 2018.

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks
2020-10-16 12:15

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack - even though the Information Commissioner's Office discovered the airline had been saving credit card details in plain text since 2015. It also condemned BA's claims during fine negotiations that credit card data breaches are "An entirely commonplace phenomenon" and "An unavoidable fact of life".

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
2020-10-06 17:39

The approach is reminiscent of core Magecart group attacks, but in this case, the attack was the work of the Fullz House group, according to Malwarebytes, which is a Magecart splinter group that's mainly known for its phishing prowess. The group has been analyzed in the past, and gets its name from the use of carding sites to resell "Fullz," an underground slang term meaning a full set of an individual's personally identifying information plus financial data.