A large-scale Magecart campaign hits over 960 e-commerce stores


Security researchers have spotted a new, massive payment card skimming campaign that has already compromised 962 online stores running on the Magento CMS. Sanguine Security researcher Willem de Groot, who uncovered the attacks, believes that the cybercriminals behind the campaign managed to automate them: the card skimming script was added to all of the stores within a 24-hour timeframe, which is nearly impossible to do manually.

Although Sanguine Security did not share information on exactly how such automated Magecart attacks against e-commerce websites would work, the procedure most likely involved scanning for and exploiting security flaws in the stores' software. De Groot speculates that the threat actors may have compromised sites that were not patched against PHP object injection exploits. The company is still investigating the incident, so at the moment it is unclear how the online stores were hacked, but the researchers have decoded the JavaScript-based payment data skimmer script and uploaded it to GitHub Gist. The skimmer script is able to gather credit card data, names, phone numbers, and addresses from compromised websites.

According to de Groot, the list of hacked sites includes victims from around the world, and while most of them are small, several stores belong to large enterprises.

The security researcher known online as Micham discovered another attack attributed to the Magecart group: hackers injected a malicious skimmer into The Guardian site via an old AWS S3 bucket, using wix-cloud[.]com as a skimmer gate.

Magecart is an umbrella term used to cover a number of cybercriminal groups specializing in skimming credit card details from unsecured payment forms on websites. Security firms have been tracking the activities of a dozen Magecart groups since at least 2015. These groups implant skimming scripts into compromised online stores in order to steal payment card data, but they differ considerably from each other, and some of them use more advanced techniques; Group 4 in particular appears to be more sophisticated.
