Trend Micro recently discovered a new Magecart campaign targeting webshops hosted on the Volusion platform. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors. Last month, threat actors compromised 3,126 online stores, including the Sesame Street Live online store.
The campaign was a supply-chain attack, since the hackers were able to attack thousands of websites at once by targeting a JavaScript library that Volusion serves to its clients. According to Trend Macro’s report, “the skimmer copies the information on the entire payment form: the victim’s name, address, phone number, email address, and credit card details (the number, cardholder name, expiration month, expiration year, and CVV number).” Volusion resolved the issue after being alerted by Trend Micro.
Read more: Magecart Attack on eCommerce Platform Hits Thousands of Online Shops