23 Oct 2019

Magecart 5 Linked to Carbanak Gang

New research by Malwarebytes connects Magecart Group 5, one of the most prominent payment card skimming threat actors, to the notorious Carbanak threat group. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment

Read More
18 Oct 2019

Mission Health online store hijack went undetected for years

Mission Health, a health services provider in North Carolina, suffered a breach of its web store that went undiscovered for over three years. The campaign can be considered a Magecart attack, since hackers injected card skimming malware into the online store in order to harvest the payment card data of visitors.

Read More
11 Oct 2019

Magecart Attack on eCommerce Platform Hits Thousands of Online Shops

Trend Micro recently discovered a new Magecart campaign targeting webshops hosted on the Volusion platform. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors. Last month, threat actors compromised

Read More
08 Oct 2019

Magecart Skimmers Spotted on 2M Websites

A new report by RiskIQ provides and in-depth look at the evolving Magecart threat. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors. The average Magecart breach lasts 22

Read More
26 Sep 2019

Hackers looking into injecting card stealing code on routers, rather than websites

IBM researchers are warning that Magecart actors have been testing malicious card skimming scripts on Layer 7 (L7) routers that are used on large networks to govern traffic based on information like cookies, domain names and browser types in addition to IP addresses, which are used by regular routers. Magecart is

Read More
20 Sep 2019

Magecart Hackers Target Mobile Users of Hotel Websites

Security researchers at Trend Micro are warning about a new Magecart campaign targeting the websites of two International hotel chains. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors.

Read More
11 Sep 2019

98 percent of top US websites not prepared against attacks

A new report by Tala Security warns that the vast majority of Alexa top 1000 websites are vulnerable to advanced client-side attacks such as those falling under the Magecart umbrella. In a Magecart attack, hackers inject the checkout page of an otherwise legitimate website with malicious code that enables them

Read More
29 Aug 2019

Magecart Shops for Victims as E-Commerce Market Grows

A researcher with Aite Group recently discovered a cluster of 80 e-commerce websites that had been injected with card-skimming malware by Magecart actors. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with malware designed to steal payment card information

Read More
02 Aug 2019

PCI Council & Retail ISAC Issue Magecart Warning

The PCI Security Standards Council and Retail and Hospitality ISAC have issued a joint bulletin to warn about the rise of online skimming attacks like Magecart campaigns. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with card skimming malware.

Read More
11 Jul 2019

Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets

Threat actors are taking advantage of misconfigured Amazon S3 cloud storage buckets as part of Magecart campaigns, RiskIQ research shows. Magecart is an umbrella term for various criminal groups that attack web shops with the aim of injecting them with card skimming malware. In addition to targeting websites directly, Magecart

Read More