Security researchers recently detected an active, ongoing, large-scale operation carrying out Magecart-style attacks against legitimate e-commerce websites.
New Magecart Campaign Detected in the Wild
Recent weeks have shown a surge in Magecart-style skimmer campaigns. This new variant is unique in that it uses legitimate websites as cover: attackers hide their code on them and use them to target other websites. The strategic objective of Magecart attacks is to steal personally identifiable information (PII) and credit card details from online stores’ checkout pages.
While Magecart attacks have typically targeted Magento platforms, Akamai researchers found this campaign exploiting Magento, WooCommerce, WordPress, and Shopify, signifying the broadening base of potential vulnerabilities for attackers to abuse.
The threat of web skimming is one that no digital commerce organization should take lightly. Akamai researchers have detected the effects of this campaign on victims in numerous countries, with hundreds of thousands of visitors per month being impacted. Clearly, this could mean thousands (or even tens of thousands) of victims of stolen PII and credit card data. What’s worse, these attacks can go undetected for extended periods of time, leaving victims exposed throughout. This is what happened in 2022 with another wave of Magecart attacks, which saw 2,468 domains remaining actively infected by the year’s end.
How Are the Magecart Attacks against E-Commerce Websites Happening?
This campaign essentially targets two different groups of victims.
The first group consists of host victims – trustworthy sites that are co-opted to secretly host the malicious code used in the attack. This allows the offenders to reach victims under the guise of an established site, thereby concealing the malicious activity.
The second group, referred to as web skimming victims, consists of vulnerable websites targeted by a Magecart-style attack that uses small JavaScript code snippets to fetch the full attack code from the domain hosting the malicious code.
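A defender-side check for the loader pattern described above, added here as an example and not taken from Akamai's report: it inventories the script sources on a checkout page and flags every host outside the site's own allowlist, because a co-opted legitimate host will pass reputation checks. The allowlist, hostnames and sample HTML are constructed for illustration.

```javascript
// Added example: audit checkout-page HTML for script sources outside an allowlist.
// ALLOWED_HOSTS, PAGE_URL and SAMPLE_HTML are constructed, not real indicators.
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);
const PAGE_URL = "https://shop.example/checkout";

const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://payments.example/sdk.js"></script>
<script src="https://blog.legit-host.example/assets/stats.js"></script>
<script>
  var s = document.createElement("script");
  s.src = "//cdn.legit-host.example/lib.js";
  document.head.appendChild(s);
</script>
</head><body>checkout form</body></html>`;

// Resolve a (possibly relative or protocol-relative) reference to its hostname.
function hostOf(ref, base) {
  try { return new URL(ref, base).hostname; } catch { return null; }
}

function auditScripts(html, pageUrl, allowed) {
  const findings = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    if (src) {
      const host = hostOf(src[1], pageUrl);
      if (host === null || !allowed.has(host)) findings.push({ kind: "external-src", ref: src[1], host });
      continue;
    }
    // Inline script: look for URL literals, and note whether the snippet builds a script element.
    const loader = /createElement\(\s*["']script["']\s*\)/i.test(m[2]);
    for (const u of m[2].matchAll(/["']((?:https?:)?\/\/[^"'\s]+)["']/gi)) {
      const host = hostOf(u[1], pageUrl);
      if (host === null || !allowed.has(host)) findings.push({ kind: loader ? "inline-loader" : "inline-url", ref: u[1], host });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, PAGE_URL, ALLOWED_HOSTS));
```

The regex scan only sees static markup and plain URL literals; obfuscated loaders need a browser-side control such as a Content-Security-Policy `script-src` allowlist with violation reporting.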
Security researchers expect similar campaigns to keep occurring as the contest between web skimming attackers and defenders continues. Remaining prepared and investing in the latest security technologies to outwit the adversaries is therefore highly recommended, Akamai pointed out in its report.