loader gif

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart Used Same Skimmer against Two Web-Based Suppliers (Threat Actors)

The first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system CloudCMS. This malicious action targeted version 1.5.23 of the script, which limited the scope of this attack. Even then, RiskIQ observed that only a few hundred websites were using CloudCMS scripts at the time of detection. A view of the Magecart skimmer inserted into the bottom of the CloudCMS script. (Source: RiskIQ) The Magecart attackers also leveraged the script against analytics provider Picreel. In contrast to the CloudCMS case, RiskIQ found that hundreds of sites were using the affected script.

loader gif