Security experts have uncovered a large-scale Magecart payment card skimming campaign that compromised 962 online stores based on Magento.

Security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that has already hacked 962 online stores running on the Magento CMS.

Our crawlers detected 962 breached stores last night. It is the largest automated campaign to date (previously: MGCore with 700 stores). Decoded skimmer: https://t.co/CCVakmMrR5 pic.twitter.com/nIHQFwtRXN — Sanguine Security Labs (@eComscan) July 5, 2019

The list of hacked e-commerce sites also includes a number of websites belonging to enterprise stores.

Sanguine expert Willem de Groot believes the attackers have found a way to automate the attacks: the e-commerce websites were all compromised in just 24 hours. The company is currently investigating the incident; in the meantime, it has uploaded the JavaScript skimmer script to GitHub Gist.

“Even though no information on how such automated Magecart attacks against e-commerce websites would work was shared by Sanguine Security, the procedure would most likely entail scanning for and exploiting security flaws in the stores’ software platform,” reported BleepingComputer, which has spoken with de Groot.

The expert speculates that threat actors may have compromised websites that did not install security updates to address PHP object injection exploits.

The skimmer script is able to capture credit card data, names, phone numbers, and addresses from compromised websites.

Security expert Micham spotted another attack attributed to the Magecart gang: hackers injected a skimmer script into The Guardian via an old AWS S3 bucket, exploiting wix-cloud[.]com as a skimmer gate.

Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs implant skimming scripts into compromised online stores in order to steal payment card data, but they are quite different from each other.

According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of Magecart groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify.

Security experts point out that the cyber crime gang continues to evolve its techniques to hit the greatest number of online stores.

For every Magecart attack that makes headlines, experts detect thousands of other attacks that they don’t disclose, most of them targeting third-party payment platforms.

Recently Group-IB experts discovered 2,440 stores that were compromised by Magecart groups.

Pierluigi Paganini

(SecurityAffairs – Magecart, hacking)
