loader gif

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site (Threat Actors)

Hackers injected the Forbes' subscription website with a Magecart script which collects payment card data customers introduce on the checkout page and exfiltrates it to a server controlled by the attackers. While the obfuscated Magecart script can still be found on the forbesmagazine.com website, the domain used by the attackers to collect the stolen payment information has been taken down using Freenom's abuse API which makes it possible to take down malicious domains immediately. The deobfuscated version of the Magecart script can be found HERE, with the script showing the exact payment data collected by the cybercriminals, as well as the address of the server where the skimmed info was being sent to. Magecart script on forbesmagazine.com exfiltrating payment card info During late-April, Malwarebytes security researcher Jérôme Segura found hundreds of Magento stores injected with skimmer scripts hosted on GitHub repositories, with Magecart groups also managing to infect the online shop of the Atlanta Hawks NBA basketball team as unearthed by Sanguine Security.

loader gif