Payment Pages Are Being Compromised To Steal Data 

October 9, 2018

Written by wukovits

Symantec’s most recent statistics have revealed a disturbing trend. Malware designed to compromise checkout pages is seeing a big spike in use: the company reports a staggering 248,000 attempts since August 13th of this year, more than a third of them (36 percent) between September 13th and September 20th. As disturbing as those numbers are, that’s just the tip of the iceberg.

As Symantec notes on their website:

“If we compare the week of September 13 to 20 to the same week in August, the number of instances of formjacking attacks blocked by Symantec more than doubled, jumping from just over 41,000 to almost 88,500 – a percentage increase of 117 percent.”

Leading the surge is a particularly nasty strain of malware known as “Magecart.” Magecart campaigns are quite robust: they begin by breaching the target website, then inject malicious scripts into it that are designed to scrape card details and other customer information provided during the checkout process. This attack is alternately known as formjacking, payment card scraping, and web-based skimming.

Symantec isn’t the only company to take note of the trend. RiskIQ has been sinkholing domains associated with Magecart infrastructure for much of the month and alerting companies compromised by Magecart attacks as it finds them.

Kevin Beaumont, an independent security researcher, had this to say via Twitter:
“#TrackingMagecart I’ve updated the IoCs to double the number of domains, now tracking over 1000 objects – some of the domains have now been sink holed.  Recommend InfoSec vendors block/flag domains.”

Magecart isn’t new. Security researchers have been tracking it since 2015, and independent researcher Willem de Groot has created a malware scanning website called MageReport, which lets business owners check whether their Magento-based webshop is vulnerable to this type of attack. If you think yours might be, it is certainly worth using.
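Because the attack described above works by adding a script to the checkout page, one check a shop owner can run is to list every script the page loads and compare each host against what is expected. The following is an added example, not code from Symantec, RiskIQ or MageReport; the host names, allowlist and blocklist are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (constructed for this example): the shop's own host, the
# third-party script hosts it intentionally uses, and a blocklist of
# indicator domains such as those published by researchers.
SHOP_HOST = "shop.example"
ALLOWED_HOSTS = {"shop.example", "js.payments.example"}
BLOCKED_DOMAINS = {"skimmer-cdn.example"}

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag on a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)

def audit_checkout(html):
    """Return (src, verdict) for each script whose host is blocked or unexpected."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Relative URLs have no hostname and resolve to the shop itself.
        host = (urlparse(src).hostname or SHOP_HOST).lower()
        if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            findings.append((src, "blocked-indicator"))
        elif host not in ALLOWED_HOSTS:
            findings.append((src, "unexpected-host"))
    return findings

# Constructed sample checkout page, not taken from any real site.
SAMPLE_PAGE = """
<html><body><form id="checkout"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="//stats.skimmer-cdn.example/m.js"></script>
<script src="https://widgets.unknown.example/chat.js"></script>
</body></html>
"""

if __name__ == "__main__":
    for src, verdict in audit_checkout(SAMPLE_PAGE):
        print(verdict, src)
```

This only covers externally hosted scripts; code injected inline or into one of the shop's own files needs file-integrity checks on the server.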

At present, the one thing that’s not known is the reason behind the sudden spike, only that it’s happening.

Used with permission from Article Aggregator
