Monday, March 8, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards

August 29, 2019
in Internet Privacy
Magecart Hackers Compromise 80 More eCommerce Sites to Steal Credit Cards
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers.

Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of these compromised websites are reputable brands in the motorsports industry and high fashion, researchers at Aite Group and Arxan Technologies revealed today in a report shared with The Hacker News.

You might also like

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

In a world that’s growing increasingly digital, Magecart attacks have emerged as a key cybersecurity threat to e-commerce websites.

Magecart is an umbrella term given to different cybercriminal groups that are specialized in secretly implanting online credit card skimmers on compromised e-commerce websites with an intent to steal payment card details of their customers.

These virtual credit card skimmers, also known as formjacking attack, are basically JavaScript code that hackers secretly insert into a compromised website, often on the shopping cart page, designed to capture payment information of customers in real-time and send it to a remote attacker-controlled server.

Magecart is in the news a lot lately for conducting several high-profile heists against major companies including British Airways, Ticketmaster, Newegg, and others.

Flowchart Magecart Formjacking Attack

The newly disclosed campaign doesn’t belong to a single group of Magecart hackers; instead, researchers used a source code search engine to search for obfuscated JavaScript on the Internet with malicious patterns that were previously seen in the Magecart’s virtual credit card skimmers.

According to the researchers, the technique allowed them to quickly uncover more than 80 e-commerce websites compromised by Magecart groups, most of which were found running over outdated versions of Magento CMS that’s vulnerable to an unauthenticated upload and remote code execution vulnerabilities.

“The absence of in-app protection, such as code obfuscation and tamper detection, makes web apps vulnerable to a type of cyberattack called formjacking,” the researchers said.

“Many of the compromised sites are running version 1.5, 1.7, or 1.9. The arbitrary file upload, remote code execution, and cross-site request forgery vulnerabilities all affect Magento version 2.1.6 and below. While it can’t be stated authoritatively that this is what led to the breach of these sites, these are vulnerable versions of Magento that allow adversaries to inject the formjacking code into the site.”

Though the researchers have not named the compromised companies in its report, they worked with federal law enforcement to notify all affected organizations as well as off-site servers prior to publishing their report.

“Because this is an ongoing and active project, we have decided not to name the victim sites,” the researchers told The Hacker News.

In addition, the researchers also analyzed Magecart’s monetization activities and found that besides selling the stolen payment card data on the dark web forums, the attackers also purchase merchandise on legitimate online shopping sites and ship them to pre-selected merchandise mules in an attempt to launder the fraudulent transactions.

“To recruit merchandise mules, the attacker posts jobs that offer people the ability to work from home and earn large sums of money to receive and reship merchandise purchased with the stolen credit card numbers,” the researchers say.

The mules then work with local shippers who receive under-the-table pay to send merchandise to the eastern European destinations, where it is sold to local buyers, eventually profiting attackers as a second line of revenue.

The researchers recommend e-commerce websites to, at foremost priority, update or patch their platform software to the latest version that protects them from known exploits.

Besides this, e-commerce websites should also implement code obfuscation and white-box cryptography to make the web forms unreadable to the adversary, as well as solutions to detect unauthorized modification of website files.

Online shoppers are also advised to regularly review their payment card details and bank statements for any unfamiliar activity. No matter how small unauthorized transaction you notice, you should always report it to your financial institutions immediately.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

Fortnite X: Rumors Tease an Epic It Chapter Two Crossover

Next Post

Apple will no longer keep Siri audio recordings by default, makes feature opt-in

Related Posts

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
Internet Privacy

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 5, 2021
Next Post
Apple, Google: We’ve stopped listening to your private Siri, Assistant chat, for now

Apple will no longer keep Siri audio recordings by default, makes feature opt-in

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Here’s an adorable factory game about machine learning and cats
Machine Learning

Here’s an adorable factory game about machine learning and cats

March 8, 2021
How Machine Learning Is Changing Influencer Marketing
Machine Learning

How Machine Learning Is Changing Influencer Marketing

March 8, 2021
Video Highlights: Deep Learning for Probabilistic Time Series Forecasting
Machine Learning

Video Highlights: Deep Learning for Probabilistic Time Series Forecasting

March 7, 2021
Machine Learning Market Expansion Projected to Gain an Uptick During 2021-2027
Machine Learning

Machine Learning Market Expansion Projected to Gain an Uptick During 2021-2027

March 7, 2021
Maza Russian cybercriminal forum suffers data breach
Internet Security

Maza Russian cybercriminal forum suffers data breach

March 7, 2021
Clinical presentation of COVID-19 – a model derived by a machine learning algorithm
Machine Learning

Clinical presentation of COVID-19 – a model derived by a machine learning algorithm

March 7, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Here’s an adorable factory game about machine learning and cats March 8, 2021
  • How Machine Learning Is Changing Influencer Marketing March 8, 2021
  • Video Highlights: Deep Learning for Probabilistic Time Series Forecasting March 7, 2021
  • Machine Learning Market Expansion Projected to Gain an Uptick During 2021-2027 March 7, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates