01 Dec 2020

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

A new credit card skimmer is utilizing postMessage to create convincing PayPal transactions that are illegitimate and steal payment data. The new credit card skimming campaign comes during the holiday season when more customers are using e-commerce sites and shopping online. The malicious process hijacks PayPal transactions during checkout, causing

Read More
15 Sep 2020

Magecart Attack Impacts More Than 10K Online Shoppers

One of the largest known Magecart campaigns in history occurred over the weekend, impacting nearly 2,000 e-commerce sites. The attacks may have been a result of Magecart operators leveraging a zero-day exploit, however, the exact technicalities of the attack remain unknown. The campaign has affected tens of thousands of customers,

Read More
06 Jul 2020

North Korean hackers linked to credit card stealing attacks on US stores

Research released earlier today connects North Korean nation-state hacking group Lazarus to a campaign that lasted over a year and targeted payment card information of customers of large US and European based retailers. The group allegedly used legitimate websites to exfiltrate stolen credit card data from the companies, known as

Read More
09 Jun 2020

More S3 Buckets Compromised with Magecart and Malicious Redirector

RiskIQ has discovered that Magecart and malicious redirector codes are lurking in misconfigured S3 buckets. Security researchers have warned website owners to check cloud storage resources, verify that their configurations are appropriate. On May 12, the RiskIQ team found Magecart code rising on all three websites run by Endeavor Business

Read More
18 Mar 2020

Magecart Cyberattack Targets NutriBullet Website

A Magecart group has taken over NutriBullet’s website, installing skimmers across the site that aim to steal customer payment card data. Researchers warned the public about the security risk, stating that it was likely Magecart Group 8 behind the cybercrime. A researcher with RiskIQ stated on Wednesday that a JavaScript

Read More
26 Feb 2020

Credit Card Skimmer Running on 13 Sites, Despite Notification

MageCart is a generic name for attackers that inject a script that steals customer payment details in eCommerce sites. MageCart Group 12 has claimed 40 new victims through infecting various shopping websites with information-stealing JavaScript. MageCart Group 12 is just one of the threat actors involved in this type of

Read More
10 Feb 2020

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

Magecart group has struck again, this time hitting websites selling Olympic tickets and sites selling things like emergency preparation kits through a recent digital card skimmer attack. The attack aims to steal payment data from various websites. Two tickets sales websites, one called Olympic Tickets and the other called Euro

Read More
14 Jan 2020

Website Collecting Australian Fire Donations Hit by Magecart

A website gathering donations to support the victims of the horrific wildfires in Australia has been attacked by a credential skimming malware, placing thousands of donors at risk. The hack may have compromised donors’ payment information. The attack was carried out using Magecart malware injected into the ATMZOW skimmer on

Read More
07 Jan 2020

Magecart Hits Parents and Students via Blue Bear Attack

In October of last year, Magecart actors breached Blue Bear Software, a major e-commerce platform for educational institutions, the vendor’s parent company Active Networks has announced. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the

Read More
13 Dec 2019

Targeted Attacks Deliver New “Anchor” Malware to High-Profile Companies

A campaign that started in October is being used to deliver financial malware against entities in the manufacturing and retail sectors. Researchers at the Cybereason Nocturnus group have been following the new campaign closely, determining that it commences with a phishing attack to deliver TrickBot and ultimately delivers a relatively

Read More