More S3 Buckets Compromised with Magecart and Malicious Redirector
RiskIQ has discovered that Magecart and malicious redirector codes are lurking in misconfigured S3 buckets. Security researchers have warned website owners to check cloud storage resources, verify that their configurations are appropriate. On May 12, the RiskIQ team found Magecart code rising on all three websites run by Endeavor Business Media. This company hosts chat forums designed for first responders and security professionals.
With the Magecart, RiskI! researchers found a malicious redirector called “pqueryapi1load,” which was first discovered in July 2019 when it compromised S3 bucks previously seeded with digital skimming code. This redirector is linked to a malvertising campaign known to exploit kits and other malicious behavior.