
Ongoing Magecart Campaign Leverages Fake Payment Screens to Capture Sensitive Data



An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users.

"The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at Malwarebytes, said. "The remarkable thing here is that the skimmer looks more authentic than the original payment page."

The term Magecart is a catch-all that refers to several cybercrime groups which employ online skimming techniques to steal personal data from websites – most commonly, customer details and payment information on e-commerce websites. The name originates from the groups' initial targeting of the Magento platform.

According to data shared by Sansec, the first Magecart-like attacks were observed as early as 2010. As of 2022, more than 70,000 stores are estimated to have been compromised with a web skimmer.

These digital skimming attacks, also called formjacking, traditionally leverage various kinds of JavaScript trickery to siphon sensitive information from website users. The latest iteration, as observed by Malwarebytes on an unnamed Parisian travel accessory store running on the PrestaShop CMS, involved the injection of a skimmer called Kritec to intercept the checkout process and display a fake payment dialog to victims.

The campaign is a growing concern for online shoppers and e-commerce websites because Magecart groups use skimming techniques to steal personal and payment information from unsuspecting users. Although Magento was one of the first targets, the groups have since expanded their target list to include other e-commerce platforms.

Segura's observation that the skimmer looks more authentic than the original payment page is a cause for concern, as it may trick more users into giving away their personal and payment information. E-commerce websites and users can protect themselves by being aware of these digital skimming attacks and being cautious when inputting personal and payment information online.
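As an added defensive illustration (not code from Malwarebytes, Sansec or the affected store), the check below audits a snapshot of a checkout page for what an injected skimmer with a fake payment dialog can leave in the DOM: a script from an origin the store never approved, and card fields rendered by the store page itself. It assumes the store accepts card data only inside a payment provider's cross-origin iframe; the hostnames, policy shape and function names are constructed for the example.

```javascript
// Added example; hostnames and policy are constructed. Assumes card data is
// only ever entered inside the payment provider's cross-origin iframe.
const CARD_HINT = /cc-(number|csc|exp)|card.?num(ber)?|cvv|cvc/i;

// Browser-side helper: turn a live element into a plain snapshot tree.
const snapshot = (el) => ({
  tag: el.tagName.toLowerCase(),
  attrs: Object.fromEntries([...el.attributes].map((a) => [a.name, a.value])),
  children: [...el.children].map(snapshot),
});

function* walk(node) {
  yield node;
  for (const child of node.children || []) yield* walk(child);
}
// Resolve relative URLs against the page URL before comparing origins.
const originOf = (url, base) => {
  try { return new URL(url, base).origin; } catch { return null; }
};

// External scripts only; inline scripts would need a separate hash inventory.
function auditCheckout(root, policy) {
  const findings = [];
  for (const { tag, attrs = {} } of walk(root)) {
    const origin = attrs.src ? originOf(attrs.src, policy.pageUrl) : null;
    if (tag === 'script' && attrs.src && !policy.scriptOrigins.includes(origin))
      findings.push({ rule: 'unlisted-script-origin', detail: attrs.src });
    if (tag === 'iframe' && attrs.src && !policy.frameOrigins.includes(origin))
      findings.push({ rule: 'unlisted-frame-origin', detail: attrs.src });
    // The top-level DOM cannot see inside a cross-origin payment iframe, so a
    // card field visible here was rendered by the store page itself.
    const label = [attrs.autocomplete, attrs.name, attrs.id].filter(Boolean).join(' ');
    if (tag === 'input' && CARD_HINT.test(label))
      findings.push({ rule: 'card-field-in-page', detail: label });
  }
  return findings;
}

// Constructed snapshot: one approved script, one unknown script, the real
// payment iframe, and a modal carrying card inputs in the top-level document.
const SAMPLE = { tag: 'body', children: [
  { tag: 'script', attrs: { src: '/themes/core.js' } },
  { tag: 'script', attrs: { src: 'https://cdn.skimmer.example/k.js' } },
  { tag: 'iframe', attrs: { src: 'https://pay.psp.example/hosted' } },
  { tag: 'div', attrs: { class: 'modal' }, children: [
    { tag: 'input', attrs: { name: 'cardnumber', autocomplete: 'cc-number' } },
    { tag: 'input', attrs: { name: 'cvv' } } ] },
] };
const POLICY = { pageUrl: 'https://shop.example/order',
  scriptOrigins: ['https://shop.example'], frameOrigins: ['https://pay.psp.example'] };
```

In a browser, `auditCheckout(snapshot(document.documentElement), POLICY)` can be run from a synthetic-monitoring job or a `MutationObserver` callback so that a modal injected after page load is also inspected.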
