MageCart gang compromised popular Focus Camera website

A new MageCart attack made the headlines, this time the gang compromised the website of popular Focus Camera.

The Magecart group has compromised the website of the photography and imaging retailer Focus Camera. The hack took place last year, the hacker planted a software skimmer on the website to steal payment card data of users that purchased the products on the portal.

Like other Magecart attacks (i.e. British Airways) the attackers registered a domain resembling a legitimate brand or product, in this case, they used the “zdsassets.com” a domain that resembles ZenDesk’s website “zdassets.com.”

The ‘zdsassets.com‘ domain was registered on 2019-11-08, while the e-skimmer was discovered by the researcher Mounir Hahad from Juniper Networks.

The attackers used the script to load a payload encoded using base64 and developed to steal personal and payment card data (email, customer name, address (billing, and shipping), phone number, and card details (number, expiration date, CVV code).

“Based on some DNS telemetry we have access to, this C&C domain has been resolved 905 times since it was created, which may be an indication of the number of victims of this card skimming operation.” reads the analysis published by the expert. “It is possible the same C&C domain is being used across multiple compromised shopping sites and campaigns – At this time, we don’t have any telemetry to prove it one way or the other.”

The expert noticed that that the script was stealing data of customers who check out as a guest, he did not test the checkout process for registered users.

Juniper researchers reported their findings to the Focus Camera website that removed the malicious code.

“MageCart continues to pose significant risk to online shopping and is expected to be one of the top cyber security stories of 2020. It is possible for site owners to guard against this attack by ensuring the integrity of their site’s source code.” concludes the expert.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Magecart, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.