A security researcher discovered that credit card-stealing malware was inserted into the code of the American Cancer Society’s online store, according to TechCrunch.
Willem de Groot discovered the malicious code buried deep, and hidden to look like analytics code. It was meant to scrape credit card numbers for sale on the dark web or other malicious activities.
There have been similar attacks on Newegg, AeroGarden, British Airways and Ticketmaster. The attackers are a hacking group called Magecart, and they’ve been known to attack others in similar ways.
The code is meant to send the numbers to a third-party server, but it was malformed and put in twice. De Groot decoded the information and discovered the web address of the server. The domain is registered in Moscow, but the website that exists only as a decoy page.
The code was removed on Friday (Oct. 25), and it’s not currently known how many people were affected by it. TechCrunch recommends anyone who used a credit card on the American Cancer Society website to contact their payments provider.
There are at least six different groups operating as Magecart, according to TechCrunch, and security researcher Yonathan Klijnsma, who works at RiskIQ, has been tracking them for a while.
He said they’re a “thriving criminal underworld that has operated in the shadows for years.”
“Magecart is only now becoming a household name,” he added.
The first Magecart group started as early as 2014, when it would set its sights on thousands of sites and then store the stolen data. Groups 2 and 3 started skimming credit cards, and group 4 hacked more than 3,000 sites and grabbed as many card numbers as it could.
Groups 5 and 6 did some of the more high-profile attacks, with the latter responsible for British Airways and Newegg. If the malicious code is discovered, the perpetrators simply move on to another site.