Aussie Bushfires Donation Site Hit by Magecart Thieves
January 15, 2020
CCME (4607 articles)
Share

Aussie Bushfires Donation Site Hit by Magecart Thieves

A website set-up to accept donations for victims of the devastating Australian bushfires has become a victim itself — of digital skimming code designed to harvest card details.

Security researchers at Malwarebytes took to Twitter to reveal the problems that hit the unnamed donations site, which was raising money for those affected by fires in Lake Conjola that have destroyed scores of homes.

In such Magecart-style attacks, hackers typically inject malicious JavaScript into payment pages to harvest card and personal data as it is entered in by shoppers, or in this case, donators to a worthy cause. It is then exfiltrated to an external domain under the attackers’ control.

It’s a tried-and-tested method for data theft that lands the attackers with a complete set of information for each victim, worth more on the dark web than individual components.

In this incident, the malicious script in question was identified as “ATMZOW” and the known bad domain it exfiltrated data to was spotted as vamberlo[.]com.

Replying to the post on Twitter, Troy Mursch of security firm Bad Packets claimed that the same malicious script had been identified targeting an additional 39 separate websites.

Deepak Patel, security evangelist at PerimeterX, argued that Magecart attackers have hit new lows with this latest raid.

“Given the lack of visibility into such client-side attacks, the website owners often find out about the data breach days or weeks after the code injection. This extended time allows skimmers to monetize the stolen cards to the fullest extent,” he explained.

“Any site that processes user PII and accepts payments should take steps to shore up their application security by tracking and monitoring first- and third-party code execution on their sites in real time.”

RiskIQ last year claimed to have identified over two million Magecart detections in the wild — a sign of its growing popularity among black hat data thieves.

This post Aussie Bushfires Donation Site Hit by Magecart Thieves originally appeared on InfoSecurity Magazine.

Read More

Related articles

Raccoon Stealer Campaign Circumvents Microsoft and Symantec Anti-Spam Messaging Gateways

Raccoon Stealer Campaign Circumvents Microsoft and Symantec Anti-Spam Messaging Gateways

Hackers Launching Unique Windows and MacOS Malware via Fake WhatsApp Official Website

Hackers Launching Unique Windows and MacOS Malware via Fake WhatsApp Official Website

Mukashi, The New Mirai Variant That Targets Zyxel NAS

Mukashi, The New Mirai Variant That Targets Zyxel NAS