Security News

Magecart Attack Impacts More Than 10K Online Shoppers
2020-09-14 16:01

According to Sansec Threat Intelligence, online stores running Magento versions 1 and 2 are being targeted in a classic Magecart attack pattern, where e-commerce sites are hacked, either via a common vulnerability or stolen credentials. "On Friday, 10 stores got infected, then 1058 on Saturday, 603 on Sunday and 233 today.Most stores were running Magento version 1, which was announced end-of-life last June. However, some stores were running Magento 2.".

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
2020-09-01 16:23

The e-commerce card-skimming landscape has a new wrinkle: Cybercriminals affiliated with the Magecart collective are using encrypted messaging service Telegram as a channel for sending stolen credit-card information back to its command-and-control servers. "Telegram is a popular and legitimate instant messaging service that provides end-to-end encryption, [and] a number of cybercriminals abuse it for their daily communications but also for automated tasks found in malware." He added, "The novelty [here] is the presence of the Telegram code to exfiltrate the stolen data."

Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market
2020-08-27 14:00

"The biggest takeaway is that there exists a market, demanded by cybercriminals, for threat actors to advertise customized sniffer variants to conduct attacks against e-commerce websites through malicious JavaScript injection," researchers with Recorded Future told Threatpost, on Thursday. One such Russian-speaking threat actor currently making waves is called "Billar," which created and is the sole designer of a payment card sniffer called "Mr.SNIFFA." This sniffer was first debuted on Exploit Forum on Dec. 3, 2019, and is currently being advertised for about $3,000.

Protect your organization in the age of Magecart
2020-08-24 04:30

The continuing wave of attacks by cybercriminal groups known under the umbrella term Magecart perfectly illustrates just how unprepared many e-commerce operations are from a security point of view. Based on the information we have gleaned from previous Magecart attacks, it is obvious that there is no sure-fire way of preventing these types of attacks completely.

Magecart Group Hits 570 Websites in Three Years
2020-07-08 14:15

Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made more than $7 million, threat intelligence company Gemini Advisory reports. Referred to as Keeper, the group operates 64 attacker and 73 exfiltration domains and has hit targets in 55 countries since April 1, 2017.

Shopped recently in a small online store? Check this list to see if it was one of 570 websites infected with card-skimming Magecart
2020-07-07 23:35

The team at security biz Gemini Advisory said a long-running criminal gang dubbed Keeper compromised hundreds of online shopping sites over the past three years to install the software nasty. We're told 85 per cent were infected after the hackers exploited known flaws in the open-source Magento content management system popular among e-commerce businesses and used by the sites.

Lazarus Group Adds Magecart to the Mix
2020-07-06 17:18

The Lazarus Group, state-sponsored hackers affiliated with North Korea, has added digital payment-card skimming to their repertoire, researchers said, using Magecart code. The analysis found that Lazarus was likely planting Magecart payment skimmers on major online retailer sites as early as May 2019.

Magecart Attacks on Claire's and Other U.S. Stores Linked to North Korea
2020-07-06 12:44

Hackers linked to the North Korean government appear to be behind the Magecart attacks on fashion retailer Claire's and other online stores, Netherlands-based e-commerce security company Sansec reported on Monday. Threat actors linked to North Korea have been known to launch - in addition to espionage and destructive campaigns - financially-motivated attacks, including against cryptocurrency exchanges and banks.

Magecart Hackers Target U.S. Cities Using Click2Gov
2020-06-29 17:09

Magecart web skimmers were found on the websites of eight cities in the United States and one thing they have in common is that they all use the Click2Gov platform, Trend Micro reports. Designed for community engagement, reporting of issues, and online payments, the Click2Gov web-based platform is used by local governments across the United States and has been the victim of financially-motivated threat actors in both 2018 and 2019.

8 U.S. City Websites Targeted in Magecart Attacks
2020-06-26 20:18

Researchers are warning that the websites of eight U.S. cities - across three states - have been compromised with payment card-stealing Magecart skimmers. When asked which city websites were affected in this incident, researchers told Threatpost, "We can't say," adding that Trend Micro "Prioritizes responsible disclosure of security incidents and chooses not to 'name and shame' victims. Our primary goal is to help organizations identify and mitigate these incidents. We have notified the breached parties who will be responsible for handling the situation within each city."