Trend Micro researchers have uncovered a new Magecart campaign targeting online campus stores in the US and Canada. Magecart is an umbrella term for various criminal groups that attack e-commerce websites with the aim of injecting them with malware designed to steal payment card information of visitors.
The threat actors didn’t go after the websites of campus stores directly, but instead compromised PrismWeb, an e-commerce platform used by North American colleges. By making malicious changes to the platform, the attackers got it to load malicious code onto the websites of 201 campus stores serving 176 US and 21 Canadian colleges. This is not the first Magecart attack targeting the supply chain. In January of this year, 277 e-commerce websites were compromised after threat actors hacked an online advertising company.
Read more: Hackers steal card data from 201 online campus stores from Canada and the US
