Pierluigi Paganini
December 12, 2019
While sneakers are becoming even more popular, the number of sites offering counterfeit sneakers is rapidly increasing and crooks want to monetize this trend by compromising them.
Researchers at Malwarebytes reported that hackers are now targeting these sites to plant malicious Magecart scripts designed to steal buyers’ credit card information.
“We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters.” reads the post published by Malwarebytes.
The experts uncovered a large-scale hacking operation that is targeting these counterfeit sneaker sites, many of which are still online.
The Magecart skimmer code was appended to
The JavaScript captures shoppers’ credit card data and sends them to a server located in China having the IP address 103.139.113
The massive campaign compromised e-commerce sites having similar templates, and running upon outdated versions of Magento (under 1.9.4.2) and PHP under 5.6.40. Experts also noticed that all of them were located on a small number of IP address subnets.
The attackers likely used a malicious scanner against crawled IP ranges and used the same vulnerability to compromise each online store offering counterfeit products.
The full list of the compromised stores, along with Indicators of Compromise (IoC) are available on the analysis published by Malwarebytes.
“
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]
