Credit card skimming attacks have been evolving continuously over the past few years. Recently, a new hacking group has been observed targeting e-commerce websites with enhanced variants of skimming attacks, which include additional capabilities such as keylogging and phishing.
What has been discovered?
The hacking group Fullz House was observed targeting the U.S.-based mobile virtual network operator (MVNO) Boom! Mobile via a Magecart attack.
- In addition to the usual task of harvesting data, the skimmer script works more like a keylogger that continuously checks input fields for changes. As soon as any change is detected, it exfiltrates that data.
- This skimmer acts as a phishing tool that can redirect users from the compromised website to fake payment pages, which are designed to work like a man-in-the-middle attack, mimicking the legitimate payment portals.
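One way to audit a checkout page for the two behaviours described above (an injected script and a redirect to a look-alike payment page) is to compare every external script, form and frame target against an allowlist. This is an added example, not code from the original article or from any vendor; the hostnames, the sample HTML and the function names are constructed for illustration.

```javascript
// Added example: flags script, iframe and form targets on a checkout page
// whose host is not on an allowlist. All hostnames below are constructed.
const TAG_ATTRS = { script: 'src', iframe: 'src', form: 'action' };

function extractTargets(html, pageUrl) {
  const targets = [];
  for (const [tag, attr] of Object.entries(TAG_ATTRS)) {
    // Simplified tag matcher for the example; a production audit should
    // use a real HTML parser or inspect the rendered DOM.
    const tagRe = new RegExp(`<${tag}\\b[^>]*>`, 'gi');
    const attrRe = new RegExp(`\\s${attr}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
    for (const [tagText] of html.matchAll(tagRe)) {
      const m = attrRe.exec(tagText);
      if (!m) continue; // inline script, or form that posts back to the page
      const raw = m[1] ?? m[2] ?? m[3];
      try {
        // Resolve relative and protocol-relative URLs against the page URL.
        targets.push({ tag, raw, host: new URL(raw, pageUrl).hostname });
      } catch {
        targets.push({ tag, raw, host: null }); // unparseable: report it
      }
    }
  }
  return targets;
}

function auditCheckoutPage(html, pageUrl, allowedHosts) {
  const allowed = new Set(allowedHosts.map((h) => h.toLowerCase()));
  return extractTargets(html, pageUrl).filter(
    (t) => t.host === null || !allowed.has(t.host.toLowerCase())
  );
}

// Constructed sample: two expected hosts, one unknown script host and one
// payment form that posts to a look-alike domain.
const SAMPLE_HTML = `
<script src="/static/cart.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//analytics-cdn.example.net/ga.js"></script>
<form id="pay" action="https://pay.shop-secure.example.org/checkout" method="post"></form>
<iframe src="https://payments.psp.example/frame"></iframe>`;
const ALLOWED = ['shop.example', 'cdn.shop.example', 'payments.psp.example'];

const findings = auditCheckoutPage(SAMPLE_HTML, 'https://shop.example/checkout', ALLOWED);
for (const f of findings) console.log(`[unexpected ${f.tag} target] ${f.raw}`);
```

A static check like this does not see scripts added at runtime, so it is best paired with a periodic review of the rendered page.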
Recent Magecart attacks
In the past few months, there have been some notable incidents in which e-commerce sites were targeted by Magecart groups.
- In mid-September, attackers compromised almost 2,000 online stores via a typical Magecart attack, injecting malicious code into Magento sites to steal credit card details.
- At the beginning of September, Magecart-affiliated hackers were observed using the encrypted messaging service Telegram to send information about stolen credit cards to their C2 servers.
Magecart attacks have proved consistently troublesome for e-commerce platforms across the globe, and frequent new enhancements indicate that attackers are not planning to slow down. Therefore, experts recommend that organizations stay protected by keeping all applications and third-party plugins updated and conducting regular audits for vulnerabilities in their infrastructure.