The notorious Magecart group has struck again. This time, it has compromised the online store of the Atlanta Hawks. The attack was detected when security experts from Sanguine Security found malicious Magecart code on the checkout page of the Hawks store. According to the firm, the code affected users who shopped at the store on or after April 20th.
Magecart is known for targeting large companies such as Ticketmaster, British Airways and Newegg.
The big picture
Data exfiltrated to a new domain
The experts from Sanguine also suggested that the Magecart group possibly used a different domain to store keystrokes captured from the online store.
“Using Chrome Developer Tools, we see that during checkout, an extra request is made to the domain imagesengines[.]com. The payload is, as expected, the (encoded) name, address and card of our ‘bait shopper’. The exfiltration domain imagesengines[.]com was only registered on March 25th and has nothing to do with the legitimate store. It is hosted with Leaseweb, a popular ISP among criminal actors,” they indicated.
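The check the researchers describe, spotting a checkout request to a host unrelated to the store, can be automated against a HAR export from the browser's network panel. The following is an added example, not code from Sanguine Security or this article; the allowlisted hosts, paths and request bodies are constructed placeholders.

```javascript
// Hosts the checkout page is expected to contact (assumed names, not from the article).
const ALLOWED_HOSTS = ["store.example", "payments.example"];

// Constructed HAR-style capture of a checkout session (HAR 1.2 layout: log.entries[].request).
const sampleHar = { log: { entries: [
  { request: { method: "GET", url: "https://store.example/checkout" } },
  { request: { method: "GET", url: "https://cdn.store.example/js/checkout.js" } },
  { request: { method: "POST", url: "https://payments.example/charge",
               postData: { text: "token=constructed" } } },
  { request: { method: "POST", url: "https://imagesengines.com/constructed-path",
               postData: { text: "constructed-encoded-form-data" } } },
  { request: { method: "GET", url: "https://fakestore.example/pixel.gif" } },
] } };

// Exact host or a true subdomain; "fakestore.example" must not match "store.example".
function isAllowed(host, allowed) {
  return allowed.some((a) => host === a || host.endsWith("." + a));
}

// Return every request whose host is outside the allowlist, noting whether it carried data.
function findUnexpectedRequests(har, allowed) {
  const findings = [];
  for (const { request } of har.log.entries) {
    let parsed;
    try {
      parsed = new URL(request.url);
    } catch (e) {
      // A URL that cannot be parsed is reported rather than silently skipped.
      findings.push({ host: null, url: request.url, carriesData: false });
      continue;
    }
    const host = parsed.hostname.toLowerCase();
    if (isAllowed(host, allowed)) continue;
    const hasBody = Boolean(request.postData && request.postData.text);
    findings.push({ host, url: request.url, carriesData: hasBody || parsed.search.length > 1 });
  }
  return findings;
}

// Defang hosts before they go into a ticket or report.
function defang(host) {
  return host.replace(/\./g, "[.]");
}

for (const f of findUnexpectedRequests(sampleHar, ALLOWED_HOSTS)) {
  console.log(`${f.host ? defang(f.host) : f.url} carriesData=${f.carriesData}`);
}
```

A finding with `carriesData` set on a payment page is the pattern worth escalating first, since it means form or query data left for a host the store does not list.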