loader gif

Magecart's 'shotgun approach' to payment card theft is wreaking havoc on e-commerce sites

Magecart's 'shotgun approach' to payment card theft is wreaking havoc on e-commerce sites (Threat Actors)

Hacking associations like Magecart — a loose collection of at least 12 groups that specialize in skimming payment data from digital checkout pages — are carrying out more efficient attacks to walk off with online shoppers’ data. By injecting malicious code into vulnerable e-commerce systems in anywhere from the payment system Magento to advertisements and analytics pages, thieves are able to exfiltrate payment information without detection. Each group relies on different techniques, ranging from exploiting server vulnerabilities to using unique skimming code and, in the case of Group 5, which was blamed for the Ticketmaster breach, hacking third party suppliers. “You buy one of these skimming kits for a few hundred bucks and sit back and wait for the cards to come in.” The name originated with RiskIQ researchers in 2015 who noticed that thieves were modifying the mage.php code in Magento websites’ cart sections, Klijnsma said.

loader gif