Threat actors are taking advantage of misconfigured Amazon S3 cloud storage buckets as part of Magecart campaigns, RiskIQ research shows. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with card skimming malware.
In addition to targeting websites directly, Magecart hackers have, since April of this year, been scanning Amazon S3 for unprotected buckets containing JavaScript files. The attackers overwrite JavaScript files in unsecured buckets, adding their card skimming code to the original code. So far, they have compromised over 17,000 domains this way.
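A defender can audit for the misconfiguration described above by checking whether a bucket's ACL or bucket policy gives write access to anyone. The following is an added example, not code from RiskIQ or the original article. The function name, the bucket name and the sample documents are constructed, and the check ignores `Resource`, `NotAction` and account-level Block Public Access settings.

```python
import fnmatch

# Group URIs S3 uses for "anyone" and "any authenticated AWS account".
GROUP_PREFIX = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUP_PREFIX + "AllUsers", GROUP_PREFIX + "AuthenticatedUsers"}
# Bucket ACL permissions that allow overwriting objects or rewriting the ACL.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Policy actions that allow replacing an object or changing its ACL.
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_write_findings(acl, policy=None):
    """List the grants and policy statements that give public write access."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in WRITE_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    for stmt in _as_list((policy or {}).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        # Action patterns may use wildcards ("s3:*", "s3:Put*"); names are case-insensitive.
        hits = [a for a in WRITE_ACTIONS if any(
            fnmatch.fnmatch(a.lower(), p.lower()) for p in _as_list(stmt.get("Action", [])))]
        if hits:
            note = " (has Condition, review manually)" if stmt.get("Condition") else ""
            findings.append(f"Policy allows {', '.join(hits)} to any principal{note}")
    return findings

# Constructed sample input, shaped like GetBucketAcl and GetBucketPolicy output.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "Group", "URI": GROUP_PREFIX + "AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": GROUP_PREFIX + "AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = {"Statement": [{
    "Effect": "Allow", "Principal": "*", "Resource": "arn:aws:s3:::example-bucket/*",
    "Action": ["s3:GetObject", "s3:Put*"],
}]}

if __name__ == "__main__":
    print("\n".join(public_write_findings(SAMPLE_ACL, SAMPLE_POLICY)))
```

Public read on a bucket that serves JavaScript is expected, so only write-capable grants are reported.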