HQ/EMEAFind out how we can help your business
The Casio UK online store allegedly suffered a hack last month that resulted in customers’ heist of credit card information.
Reports revealed that the hack was on casio[.]co[.]uk and customers who purchased on specific dates last month may have compromised their personal and credit card information.
Researchers claimed the attackers exploited the Magento vulnerabilities while targeting 17 other websites. However, the names of the different companies will be undisclosed until researchers work with the impacted sites to remove the infections.
The hack on the Casio UK online store uses skimmers.
According to investigations, the hackers used a basic first-stage skimmer planted on the Casio UK online store to retrieve a second-stage skimmer from a Russian hosting provider.
The attackers use proprietary encoding and string concealment via XOR to obfuscate the second-stage skimmer to avoid detection. Once victims add products to their virtual cart, the skimmer loads a false checkout form rather than taking them to the actual checkout page.
In addition, the attackers did not imitate the form used by Casio UK’s overall website theme, and it will not activate if the online shoppers press the “buy now” button, meaning the operators are not sophisticated threat actors.
Still, the malicious form is intended to steal the customer’s private information, like billing addresses, email addresses, phone numbers, credit card holder’s names, credit card numbers, expiration dates, and CVV codes.
After providing all these details, the victim will encounter a phoney error and be redirected to Casio UK’s legitimate checkout page, where they can complete their checkout process. The stolen data is encrypted with AES-256-CBC and sent to the attacker’s server, which in all cases has a Russian IP address.
This Japanese company has recently experienced multiple data breaches and a ransomware attack that affected numerous departments and services. Early this month, the corporation admitted that the ransomware attack it suffered in October 2024 compromised the personal information of around 8,500 people.
Potentially impacted customers who used the UK-based online shopping platform should be wary about their digital presence and account activity. The threat actors could have already acquired data from the attack, which would have allowed them to execute other malicious activities.
