Malware Infiltrates 500 eCommerce Sites to Skim Card Data

An estimated 500 eCommerce websites were infiltrated by MageCart attackers, who seemingly installed credit digital card skimmers to lift users’ personal data, including card numbers, email addresses, phone numbers and more.

MageCart is a blanket term to define rival cyber gangs that troll eCommerce sites with the sole purpose of slipping skimmers into unsuspecting sites, which then triggers malicious code, according to Sansec , an eCommerce malware and vulnerability detection firm.

Once the skimmer is in place, visitors entering payment information for a purchase unknowingly send a code that relays the data to the attacker-controlled servers.

See also: Managing Remote FinTech Risk: In Digital Payments We Trust, But Verify Continuously

Sansec discovered the latest slew of infiltrations and said the jeopardized sites had used malicious scripts hosted at the domain

“The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form,” Sansec tweeted , adding that all payments were being directed to a naturalfreshmall payment domain. The Natural Fresh skimmer shows a fake payment popup, defeating the security of a (PCI compliant) hosted payment form. Payments are sent to https://naturalfreshmall[.]com/payment/Payment.php #masshack — Sansec (@sansecio) January 26, 2022 The hackers made changes to the existing files and/or inserted different files that offered “no fewer than 19 backdoors that the hackers could use to retain control over the sites in the event the malicious script was detected and removed and the vulnerable software was updated,” according to Sansec.

“It is essential to eliminate each and every one of them because leaving one in place means that your system will be hit again next week,” per a Sansec article.

The files that were infiltrated were entirely malicious, or part of the Magento code “but had malicious code added to them.”Sansec said regardless of the method, they recommend eCommerce […]

Click here to view original web page at

On y est presque!
À quelle adresse dois-je vous envoyer le Guide?