Researchers discovered a new wave of Magecart skimming attacks against the Focus Camera e-commerce website, in which injected web skimmers steal credit card data.
Magecart is a fast-growing cyberattack that targets online shopping cart systems, particularly Magento.
GBHackers recently reported that hackers are using new evasion techniques in web skimmers to bypass detection and steal credit card data.
The latest victim of such an attack is Focus Camera, a popular photography and imaging retailer.
MageCart Attack – Focus Camera
The MageCart hackers injected skimming scripts into the checkout pages of the website; the scripts capture payment data and send it to the attacker’s server.
Hahad from Juniper Networks observed that credit card data provided on the website was saved at two different locations.
The first location belongs to the legitimate focuscamera[.]com payment processing system.
The second location is the fraudulent domain zdsassets[.]com, which mimics the popular ZenDesk domain zdassets.com.
According to Whois data, the fake domain was registered on November 11, 2019, so the attack appears to have lasted more than a month.
“Based on some DNS telemetry we have access to, this C&C domain has been resolved 905 times since it was created, which may be an indication of the number of victims of this card skimming operation.”
Juniper Networks reached out to the site owners, and the malicious code has been removed from the website. It is unclear how many customer details were stolen.
These skimming scripts not only scrape payment card data but also grab other information entered on the checkout page, such as name, email, phone number, and other details.
Recently, several web stores that sell counterfeit goods were also observed to be affected by a credit card skimmer that aimed to steal customers’ credit card details.
MageCart continues to pose a significant risk to online shopping and is expected to be one of the top cybersecurity stories of 2020. Site owners are advised to guard against this attack by ensuring the integrity of their site’s source code.
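One way a site owner could check a checkout page for the kind of lookalike script host described above is shown in this added example, which is not code from Juniper Networks or the original report. It compares each external script domain against an allowlist and flags near-miss spellings; the allowlist, the sample HTML and its file paths are constructed assumptions, and the sample keeps the skimmer domain defanged.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains permitted to serve scripts on the checkout page.
ALLOWED = {"focuscamera.com", "zdassets.com"}
# Constructed sample page; the skimmer domain is kept defanged as in the report.
SAMPLE_HTML = """
<script src="/js/checkout.js"></script>
<script src="https://static.zdassets.com/widget.js"></script>
<script src="https://zdsassets[.]com/a.js"></script>
"""

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.sources.append(dict(attrs)["src"])

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(url):
    """Last two host labels (simplification: ignores suffixes such as co.uk)."""
    url = url.replace("[.]", ".")  # refang sample data; live pages are not defanged
    host = (urlparse(url, scheme="https").hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def audit_scripts(html, allowed=ALLOWED, max_distance=2):
    """Return (domain, verdict) for each external script host not on the allowlist."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for domain in map(base_domain, collector.sources):
        if domain and domain not in allowed:
            closest = min(sorted(allowed), key=lambda d: edit_distance(domain, d))
            near = edit_distance(domain, closest) <= max_distance
            findings.append((domain, f"lookalike of {closest}" if near else "unknown third party"))
    return findings

print(audit_scripts(SAMPLE_HTML))
```

Relative script paths and allowlisted hosts produce no finding, so only the one-character variant of the Zendesk domain is reported for the sample page.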