• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Apple addressed the seventh actively exploited zero-day

 | 

Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

 | 

A Scattered Spider member gets 10 years in prison

 | 

FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

 | 

US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

 | 

DOJ takes action against 22-year-old running RapperBot Botnet

 | 

Google fixed Chrome flaw found by Big Sleep AI

 | 

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

 | 

A hacker tied to Yemen Cyber Army gets 20 months in prison

 | 

Exploit weaponizes SAP NetWeaver bugs for full system compromise

 | 

Allianz Life security breach impacted 1.1 million customers

 | 

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

 | 

AI for Cybersecurity: Building Trust in Your Workflows

 | 

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Magecart hackers compromise another 80 eCommerce sites

Magecart hackers compromise another 80 eCommerce sites

Pierluigi Paganini August 28, 2019

Security experts at Aite Group and Arxan Technologies have discovered that hackers under the Magecart umbrella have compromised 80 more eCommerce sites.

Security experts at Aite Group and Arxan Technologies have discovered that Magecart hackers continue to target online stores to steal credit card data, in recent operations, they have compromised 80 more eCommerce sites.

All of these websites were running an outdated version of Magento which is vulnerable to formjacking and digital card skimming. One out of four of the hacked eCommerce sites were large brands in motorsports and luxury retail.

“New research conducted by advisory firm Aite Group revealed that 100% of the eCommerce  websites examined were not protected — making them easy prey for Magecart attacks. Even more startling is the fact that it took only 2.5 hours of research to uncover the 80 compromised sites.” reads the analysis published by the experts.

Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to steal payment card data on, but they are quite different from each other. 

According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of Magecart groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify. ​​

Magecart Formjacking Attack

According to experts, the 80 eCommerce sites were not hacked by a single group of Magecart hackers.

The researchers used a source code search engine to search for obfuscated JavaScript online that matched with malicious patterns previously associated with credit card skimmers used by Magecart. The expert quickly uncovered more than 80 e-commerce websites compromised by Magecart groups.

“To conduct this research, Aite Group used a source code search engine that scoured the web for obfuscated JavaScript that was found in repeating patterns of previously published Magecart breaches on pastebin.com.” reads the report published by the experts.

“What was uncovered in this research is e-commerce websites’ systemic lack of in-app protection to secure their web forms and the failure of endpoint security solutions on the client side to protect consumers against this pervasive threat.”

Many of the sites compromised by Magecart are running version 1.5, 1.7, or 1.9 that are known to be vulnerable to arbitrary file upload, remote code execution, and cross-site request forgery vulnerabilities. These flaws could be exploited by threat actors to inject the formjacking code into the site.

The researchers reported their findings to federal law enforcement and are notifying all affected organizations. Because the investigation is still ongoing, experts have decided not to name the victim sites.

The researchers also focused their analysis on the methods used by Magecart groups to monetize their efforts. Once obtained the credit card data the hackers sell them on the dark web forums, they also purchase merchandise on legitimate online shopping sites and ship them to pre-selected merchandise mules in an attempt to launder the fraudulent transactions.

“The attacker has the purchased items shipped to their merchandise mules. To recruit merchandise mules, the attacker posts jobs that offer people the ability to work from home and earn large sums of money to receive and reship merchandise purchased with the stolen credit card numbers.” continues the report.

“The mules then work with shippers willing to receive under-the-table pay to ship to eastern European addresses, which are in countries on the sanctioned shipping destinations for the Office of Foreign Assets Control (OFAC) regulations. The under-the-table shippers then ship the merchandise to the eastern European destinations, where it is sold to local buyers, which the attacker also profits from as a second line of revenue from the original breach in addition to the sale of the fullz on black market sites.”

Let me suggest to read the report that also includes solutions proposed by the experts to secure the eCommerce sites.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Magecart, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

card skimming Formjacking Hacking hacking news information security news MageCart Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini August 21, 2025
Apple addressed the seventh actively exploited zero-day
Read more
Pierluigi Paganini August 21, 2025
Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Apple addressed the seventh actively exploited zero-day

    Security / August 21, 2025

    Hackers deploy DripDropper via Apache ActiveMQ flaw, patch systems to evade detection

    Malware / August 21, 2025

    A Scattered Spider member gets 10 years in prison

    Cyber Crime / August 21, 2025

    FBI: Russia-linked group Static Tundra exploit old Cisco flaw for espionage

    Intelligence / August 21, 2025

    US CERT/CC warns of flaws in Workhorse Software accounting software used by hundreds of municipalities in Wisconsin

    Security / August 21, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT