Don’t Be Fooled by Their Sleek, Modern Looks — It’s Magecart!

April 28, 2023 | Ravie Lakshmanan | Online Security / Web Hacking


An ongoing Magecart campaign has drawn the attention of cybersecurity researchers for using realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users.

“The threat actor used original logos from the compromised store and customized a web element known as a modal to seamlessly hijack the checkout page,” said Jérôme Segura, director of threat intelligence at Malwarebytes. “The most notable thing here is that the skimmer looks more authentic than the original payment page.”

Magecart is a collective term for various cybercriminal groups that use online skimming techniques to steal personal data from websites, most commonly customer data and payment information on e-commerce websites.

The name comes from the groups' initial targeting of the Magento platform. According to data shared by Sansec, the first Magecart-like attacks were observed as early as 2010. As of 2022, it is estimated that more than 70,000 stores were compromised by a web skimmer.

These digital skimming attacks, also called formjacking, traditionally take advantage of various types of JavaScript trickery to siphon sensitive information from website users.

The latest iteration, as observed by Malwarebytes at an unnamed Paris travel accessories store running on the PrestaShop CMS, involved the injection of a skimmer called Kritec to intercept the checkout process and display a fake checkout dialog to victims.

Kritec, previously detailed by Akamai and Malwarebytes in February 2023, has been found to impersonate legitimate third-party providers such as Google Tag Manager as an evasion technique.

The cybersecurity firm said the skimmer is complex and highly obfuscated, with the malicious modal loaded when a credit card is selected as the payment option on the compromised website.

After the payment card details are collected, a fake payment cancellation error message is briefly displayed to the victim before redirecting them to the actual payment page where the payment will be made.

“The skimmer will drop a cookie that will serve as an indication that the current session is now marked as finished,” explained Segura. “If the user has to go back and try the payment again, the malicious modal would no longer be displayed.”



The threat actors behind the operation are said to be using different domains to host the skimmer, which are given similar names: “[name of store]-loader.js”, suggesting that the attacks are targeting different online stores with custom modals.
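A defender can audit a checkout page's external scripts for the traits described above. The following is an added example, not code from Malwarebytes or the original article: it flags scripts from hosts outside an allowlist, files matching the “[name of store]-loader.js” pattern, and GTM-style names served from a host other than the genuine Google Tag Manager one. The store name, allowlist, sample HTML and the GTM heuristic are assumptions made for illustration.

```javascript
// Added example: audit the external scripts referenced by a checkout page.
// Store name, allowlist and sample HTML are constructed for illustration.
const ALLOWED_HOSTS = new Set([
  "shop.example",               // the store's own origin (hypothetical)
  "www.googletagmanager.com",   // genuine Google Tag Manager host
]);

// Pull the src of every <script src=...> tag out of raw HTML.
function externalScripts(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Return one finding per script that deserves a closer look.
function auditCheckout(html, pageUrl, storeName) {
  const findings = [];
  const slug = storeName.toLowerCase().replace(/[^a-z0-9]/g, "");
  for (const src of externalScripts(html)) {
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; }
    const host = url.hostname.toLowerCase();
    const file = url.pathname.split("/").pop().toLowerCase();
    const reasons = [];
    if (!ALLOWED_HOSTS.has(host)) reasons.push("host-not-allowlisted");
    // Naming pattern reported for this campaign: "[name of store]-loader.js".
    const m = /^(.+)-loader\.js$/.exec(file);
    if (m && m[1].replace(/[^a-z0-9]/g, "") === slug) reasons.push("store-named-loader");
    // Heuristic (assumption): GTM-style naming served from a non-GTM host.
    if (/gtm|googletagmanager/.test(host + url.pathname) &&
        host !== "www.googletagmanager.com") reasons.push("gtm-lookalike");
    if (reasons.length) findings.push({ src: url.href, reasons });
  }
  return findings;
}

// Constructed sample page: two legitimate scripts, two suspicious ones.
const SAMPLE_HTML = `
<script src="/js/theme.js"></script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXXX"></script>
<script src="https://cdn-static.example/assets/acme-travel-loader.js"></script>
<script src="https://tags.example/gtm/collect.js"></script>`;

console.log(auditCheckout(SAMPLE_HTML, "https://shop.example/checkout", "Acme Travel"));
```

Because the modal only loads once a credit card is selected as the payment option, such an audit needs the page state captured after that selection, not just the initial HTML.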

“Discerning whether an online store is trustworthy has become very difficult and this case is a good example of a skimmer that would not raise any suspicion,” Segura said.

The findings come a little more than two months after Malwarebytes discovered another web skimmer that collects browser fingerprint data, such as IP addresses and user agent strings, along with credit card information, likely in an attempt to control invalid users such as bots and security researchers.

Technology has been changing at a rapid rate, and with this fast-paced change comes the potential for cybercrime. Magecart is a term used to describe a malicious form of cyberattack that effectively hijacks online shopping carts, stealing credit card information, passwords, and other sensitive pieces of personal data from unsuspecting users. As you can imagine, this type of criminal activity is a concern for all business owners, particularly those who rely on secure online transactions.

Despite their sleek, modern looks, Magecart attacks are quite dangerous and can have serious financial and reputational consequences. In order to successfully protect your business from this type of cyber-crime, it is important to understand how Magecart works and what you can do to mitigate the risk.

Magecart attackers are particularly interested in hijacking customer payment information because it is a valuable resource for them. They usually target vulnerable web applications and plugins and inject malicious code into them. This code is designed to capture customer payment information and is often difficult to detect by conventional means, as it is designed to remain undetected until it is used.

When a Magecart attack succeeds, it can have devastating consequences. The attackers can then use the stolen payment details to make purchases and transfer funds, exposing the businesses and their customers to financial losses. In some cases, the attackers also modify or delete customer accounts, making them vulnerable to follow-up attacks or fraud.

Fortunately, there are steps businesses can take to protect themselves from Magecart attacks. The most important thing is to remain vigilant about security and regularly update and patch web applications, plugins, and other digital components.

At Ikaroa, we are committed to providing innovative and secure digital solutions that help keep businesses and customers safe from cyber-criminals. Our platform helps identify Magecart weaknesses within a business and provides customised solutions to provide comprehensive security. We also offer our customers comprehensive support and advice on how to keep their systems secure. Contact us today to find out how we can help protect your business.

