An estimated 500 eCommerce websites were infiltrated by MageCart attackers, who seemingly installed credit digital card skimmers to lift users’ personal data, including card numbers, email addresses, phone numbers and more.
MageCart is a blanket term to define rival cyber gangs that troll eCommerce sites with the sole purpose of slipping skimmers into unsuspecting sites, which then triggers malicious code, according to Sansec, an eCommerce malware and vulnerability detection firm.
Once the skimmer is in place, visitors entering payment information for a purchase unknowingly send a code that relays the data to the attacker-controlled servers.
See also: Managing Remote FinTech Risk: In Digital Payments We Trust, But Verify Continuously
Sansec discovered the latest slew of infiltrations and said the jeopardized sites had used malicious scripts hosted at the domain naturalfreshmall.com.
“The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form,” Sansec tweeted, adding that all payments were being directed to a naturalfreshmall payment domain.
The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form. Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php #masshack
— Sansec (@sansecio) January 26, 2022
Read more: Credit Card Skimmer Leads to Costco Data Breach
The hackers made changes to the existing files and/or inserted different files that offered “no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated,” according to Sansec.
“It is essential to eliminate each and every one of them because leaving one in place means that your system will be hit again next week,” per a Sansec article.
The files that were infiltrated were entirely malicious, or part of the Magento code “but had malicious code added to them.”
Sansec said regardless of the method, they recommend eCommerce sites run a malware scanner to ensure all skimmers are discovered.
You may also enjoy: Ransomware Reaches Beyond Money With More Sinister Goals