The Magecart gang made the headlines again, the hackers this time compromised the Forbes magazine subscription website.

The Magecart group is back, the hackers this time compromised injected a skimmers script into the Forbes magazine subscription website.

The malicious traffic was spotted by the security expert Troy Mursch,

Chief Research Officer of Bad Packets, on Wednesday.

Magecart hackers have installed malicious JavaScript skimmer on forbesmagazine.com to siphon payment card data entered into the site by subscribers. Crooks injected an obfuscated JavaScript in the HTML code of the payment section, the script decoded is here.

The expert immediately attempted to report his discovery to Forbes via email, but without success.

The payment page was taken down at around 1400 UTC and it is still offline at the time of writing.

A Forbes spokesperson told El Reg that is investigating the incident and that at this stage, it is not aware of the theft of any customers’ credit card information. Recent subscribers should remain vigilant and check their credit card statements for signs of fraudulent activities.

Forbes was likely a victim of a supply chain attack, Magecart hackers have compromised a company that provides services to the media outlet.

During the weekend, the forensic expert Willem de Groot discovered that the records of customers of Picreel, a web marketing software supplier, had been leaked online.

Supply chain attack of the week: @Picreel_

marketing software got hacked last night, their 1200+ customer sites are now leaking data to an exfil server in Panama.



Victims: https://t.co/0qJX6LGEdG



Decoded malware: https://t.co/ZiuhUBP3cf pic.twitter.com/X9uDIctYa9 — Willem de Groot (@gwillem) May 12, 2019

Forbes is one of the customers of Picreel, and Magecart hackers used the leaked data to access Forbes infrastructure and install the skimmer script.

“Last weekend, security researchers surfaced new supply-chain attacks involving Magecart web-skimmers placed on several web-based suppliers, including AdMaxim, CloudCMS , and Picreel. The breaches were part of a large-scale attack that hit a breadth of providers simultaneously intending to access as many websites as possible.” reads the analysis published RiskIQ.

Thousands of other companies that are customers at Picreel are at risk, potentially affected domains are listed here.

Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to steal payment card data, but they are quite different from each other.

According to a joint report published by RiskIQ and FlashPoint in March, some groups are more advanced than others. The list of victims of Magecart groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, and Feedify. ​​

Recently the Magecart group stole payment card details from the e-commerce system used by colleges and universities in Canada and the US.

Pierluigi Paganini

( SecurityAffairs – Magecart, Forbes)

Share this...

Linkedin Reddit Pinterest

Share On