Magecart

Researchers discovered a new wave of Magecart skimming attacks against the Focus Camera e-commerce website that steal credit card data by injecting web skimmers.

Magecart is a fast-growing cyberattack that targets online shopping cart systems, particularly Magento.

Very recently, GBHackers reported that hackers are using new evasion techniques in web skimmers to bypass detection and steal credit card data.

The threat actors gain access to the website and inject malicious JavaScript that steals payment card details from shoppers.

The latest victim of such an attack is Focus Camera, a popular photography and imaging retailer.

MageCart Attack – Focus Camera

The MageCart hackers injected skimming scripts into the checkout pages of the website; the scripts capture payment data and send it to the attacker's server.

The MageCart hackers managed to access the website's source code and modify a JavaScript file to inject the malicious payload. The threat actor modified that script to append an obfuscated, base64-encoded JavaScript routine.

Hahad from Juniper Networks observed that credit card data provided on the website was saved at two different locations.

The first location belongs to the legitimate focuscamera[.]com payment processing system.

The second location is the fraudulent domain zdsassets[.]com that mimics the popular ZenDesk domain named zdassets.com.

Details submitted in the attacker’s server

The fake domain was registered on November 11, 2019, according to the Whois data, so the attack was found to have lasted more than a month.

“Based on some DNS telemetry we have access to, this C&C domain has been resolved 905 times since it was created, which may be an indication of the number of victims of this card skimming operation.”

Juniper Networks reached out to site owners and the malicious code has been removed from the website. It is unclear how many customer details were stolen.

Decoded Credit Card Skimming Script

These skimming scripts not only scrape the payment card data but also grab other information entered on the checkout page, such as name, email, phone number, and other details.

Recently, it was observed that several web stores selling counterfeit goods were affected by a credit card skimmer that aimed to steal customers' credit card details.

MageCart continues to pose a significant risk to online shopping and is expected to be one of the top cybersecurity stories of 2020. Site owners are advised to guard against this attack by ensuring the integrity of their site's source code.
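One way a site owner could run that integrity check is sketched below, as an added example that is not code from Juniper Networks or the affected site. It compares a served script against a known-good SHA-256 hash and decodes base64 string literals to flag hostnames that closely resemble an allowlisted one. The function names, the allowlist and the sample script are hypothetical and constructed for illustration.

```javascript
const crypto = require("crypto");

// Levenshtein edit distance between two short strings (hostnames).
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Hostnames found in the text itself and inside any decoded base64 string literal.
function extractHosts(source) {
  const texts = [source];
  for (const m of source.matchAll(/["']([A-Za-z0-9+/]{24,}={0,2})["']/g)) {
    texts.push(Buffer.from(m[1], "base64").toString("latin1"));
  }
  const hosts = new Set();
  for (const t of texts) {
    for (const m of t.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) hosts.add(m[1].toLowerCase());
  }
  return [...hosts];
}

// Compare a served script against its known-good hash and a host allowlist.
function auditScript(source, baselineSha256, allowedHosts) {
  const sha256 = crypto.createHash("sha256").update(source).digest("hex");
  const findings = [];
  for (const host of extractHosts(source)) {
    if (allowedHosts.includes(host)) continue;
    const near = allowedHosts.find((ok) => editDistance(host, ok) <= 2);
    findings.push({ host, lookalikeOf: near || null });
  }
  return { modified: sha256 !== baselineSha256, findings };
}

// Constructed sample: a clean file, then the same file with an appended base64 literal.
const clean = 'var widget = "https://static.zdassets.com/w.js";\n';
const blob = Buffer.from('var dest="https://zdsassets.com/c";').toString("base64");
const tampered = clean + 'var _x="' + blob + '";\n';
const baseline = crypto.createHash("sha256").update(clean).digest("hex");
const allow = ["static.zdassets.com", "zdassets.com"];
console.log(JSON.stringify(auditScript(tampered, baseline, allow)));
```

The hash mismatch alone shows that the file changed; the lookalike finding shows where the appended routine points, which is what distinguishes a skimmer from a routine deployment.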
