Claire’s, a retail chain selling accessories and beauty supplies, has been compromised in a malware attack alongside its sister brand Icing. According to Sansec researchers, the web skimmer installed on the sites appeared to be from the company and therefore was not suspicious until now. According to researchers, the two online stores were likely compromised between April 25th and April 30th.
Sansec researchers stated that the skimmer is attached to the submit button at the bottom of the checkout form. The process allows for a temporary image to be added to the Demandware Checkout Form, and therefore the image is located on the targeted server and controlled by the attacker. The attacker has now received the full payload because all customer-submitted data is appended to the image address. The hackers reportedly registered the malicious domain used in the attacks one month before, just two days after Claire’s announced all stores would close temporarily.
Read More: Magecart attackers hit Claire’s, Intersport web shops