MageCart attack hits Australia bushfire donors

A new MageCart attack made the headlines: crooks installed a software skimmer on a website that collects donations for the victims of the Australia bushfires.

Experts from Malwarebytes have discovered a new Magecart attack that compromised a website collecting donations for the victims of the Australia bushfires.

Crooks planted a malicious script on the website that was designed to steal the donors' payment information and send it to a domain under the control of the attackers.

The software skimmer, named ATMZOW, was planted in the checkout page and is executed when a visitor to the site adds an item to their cart.

Source: Bleeping Computer

Stolen credit card data are sent to the vamberlo[.]com domain.

“Malwarebytes’ Jérôme Segura has told BleepingComputer that once they became aware of the compromised site they were able to get the vamberlo[.]com shut down.” states the post published by Bleeping Computer.

The malicious domain used by the attackers was shut down. This means that the software skimmer is no longer able to send the stolen credit card data to the attackers, but we cannot exclude that the attackers could use a different domain. The only way to secure the website is to remove the software skimmer, but the malicious code has yet to be removed.

Malwarebytes attempted to contact the owner of the website without success.

Unfortunately, many other e-commerce sites were compromised with the ATMZOW skimmer. Querying the PublicWWW online service for the malicious skimmer, we can find it on tens of websites.

Other MageCart attacks were recently reported by security experts. Last week, experts reported that the Magecart group has compromised the website of the photography and imaging retailer Focus Camera.

Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging skin-care brand with the intent of stealing customer payment card info.

A few days ago I reported the news of two Magecart groups that planted software skimmers on Perricone MD websites in Italy, Germany, and the U.K.

Pierluigi Paganini

(SecurityAffairs – MageCart attack, hacking)
