Magecart Attacks are Back

Diving into details

• Two distinct Magecart campaigns had injected e-skimmer scripts into the online ordering portals of three restaurants—InTouchPOS, MenuDrive, and Harbortouch—using three different platforms. 
• The attack at least infected 311 restaurants and researchers anticipate more to be added. 
• The attackers stole at least 50,000 payment card details from these restaurants and posted them for sale on the dark web.

Into the specifics

• MenuDrive and Harbortouch were targeted in the same attack that resulted in 74 and 80 restaurants using Harbortouch and MenuDrive, respectively.
• A separate Magecart campaign targeted InTouchPOS in November 2021. This campaign infected 157 restaurants using the platform. 
• The above campaign shares similarities with another campaign targeting 400 e-commerce websites since at least May 2020. 
• Over 30 of the infected sites remained compromised as of June this year.

More e-skimmers

• PrestaShop, an open-source e-commerce platform, was found to have an injection that overrode the site’s existing credit card payment form.
• Last month, the Bank of the West warned its customers that their debit card numbers and PINs were stolen by skimmers installed on multiple ATMs belonging to the bank.

The bottom line