top of page

New Magecart-style web skimmer campaign uncovered by cybersecurity researchers

Researchers at Akamai have discovered a new campaign where hackers are using Magecart-style web skimming to steal personally identifiable information (PII) and credit card data from e-commerce websites. A key difference that sets this campaign apart from others is that the hijacked sites are being used as "makeshift" command-and-control (C2) servers to distribute malicious code without the knowledge of the victim sites. This campaign has been active for nearly a month and has affected sites in North America, Latin America, and Europe. Magecart is a type of cyberattack where hackers insert malicious code into a website in order to steal payment card information from customers who input their information into the website. This is usually done by adding a few lines of code to the website's checkout page or other pages where customers input their information. The code then sends the payment information to the hackers when the customer submits it. This new campaign is similar to others in that regard, but the hackers are using hacked sites to host the web skimmer code. This allows them to take advantage of the good reputation of the hacked site to avoid detection. In some cases, the attacks have been underway for nearly a month. Akamai security researcher Roman Lvovsky said, "Attackers employ a number of evasion techniques during the campaign, including obfuscating [using] Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager." This campaign puts the personal data of thousands of site visitors at risk of being harvested and sold. If you have inputted your payment information into a website in the last month, it is recommended that you check your credit card statements for any suspicious activity. You can also contact your credit card company to see if they have any information about suspicious activity on your account.


bottom of page