The Magecart group has compromised the website of the photography and imaging retailer Focus Camera. The hack took place last year, the hacker planted a software skimmer on the website to steal payment card data of users that purchased the products on the portal.
Like other Magecart attacks (i.e. British Airways) the attackers registered a domain resembling a legitimate brand or product, in this case, they used the “zdsassets.com” a domain that resembles ZenDesk’s website “zdassets.com.”
The ‘zdsassets.com‘ domain was registered on 2019-11-08, while the e-skimmer was discovered by the researcher Mounir Hahad from Juniper Networks.
The attackers used the script to load a payload encoded using base64 and developed to steal personal and payment card data (email, customer name, address (billing, and shipping), phone number, and card details (number, expiration date, CVV code).
“Based on some DNS telemetry we have access to, this C&C domain has been resolved 905 times since it was created, which may be an indication of the number of victims of this card skimming operation.” reads the analysis published by the expert. “It is possible the same C&C domain is being used across multiple compromised shopping sites and campaigns – At this time, we don’t have any telemetry to prove it one way or the other.”
The expert noticed that that the script was stealing data of customers who check out as a guest, he did not test the checkout process for registered users.
Juniper researchers reported their findings to the Focus Camera website that removed the malicious code.
“MageCart continues to pose significant risk to online shopping and is expected to be one of the top cyber security stories of 2020. It is possible for site owners to guard against this attack by ensuring the integrity of their site’s source code.” concludes the expert.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Magecart, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.