Magecart credit card skimming attack
News | 11/15/2018

Infowars Store Affected by Magecart Credit Card Stealing Hack

About: Infowars, best known as the fake news platform and an online store to purchase goods and services, was recently infected by a nasty Magecart infection. The malware was concealed within a block of Google Analytics script and was live for just 24 hours bef...



Ever wondered what it takes to get scammed at the Infowars store? Nothing! Absolutely nothing! Customers facing scams is an everyday facade here!


A recently discovered attack on the Infowars web site involves a new tactic. Malware embedded in the conspiracy site's checkout process records customers' credit card details and transmits them to the threat actor's remote servers.

In today's golden age of online shopping, people usually prefer to receive products at their doorsteps by punching credit card details into ecommerce websites. Threat actors leverage this lucrative opportunity to yank the chain of innocent consumers by unethical means.

Consumers remain unaware of the fact that the well-known & vetted websites that they blindly rely on can swindle them out of their hard-earned money.

What is Magecart?

Attacks on websites with the purpose of stealing user financial details are not new. The recently discovered Magecart credit card skimming attack is known to have stolen the credit card details of around 1600 customers within 24 hours.

Magecart refers to a toolkit of malicious software that monitors eCommerce payment pages to track payment information by making use of a few lines of JavaScript code. These payment details are regularly monitored and sent to the attacker's remote servers, where the collected information can be used to extort victims.

Magecart has been used in various forms to gobble up credit card information across the e-commerce industry. High-profile hacks on renowned companies like Newegg & British Airways utilized this technique, exploiting thousands of consumers.

Modus operandi of the Magecart credit card skimming attack

The Magecart script was embedded on every page of Infowars' online store, but it reportedly functioned only when a user decided to check out. Once installed, the piece of code attempted to masquerade as part of a Google Analytics script. The malicious script comprised the following methods, which launched the attack in stages:

  1. setInterval method: The logic in this function checked every 1.5 seconds whether the browser developer tools were open. If the dev tools were open, the script was put to sleep to evade detection. Otherwise, a collectForm function was called to harvest payment information.
  2. collectForm method: This method was coded to collect the payment details entered in the form by the visitor. The collected information was then sent to the sendForm function.
  3. sendForm function: The sendForm function was coded to dynamically create an image and inject it into the page. The source of the image was a URL on the attacker's server. When the image was injected into the page, the browser tried to load it and so passed the form's contents to the attacker's server.
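
As an added example (not from the article or from any party it describes), the JavaScript below shows one way a defender could spot the image-beacon pattern described for sendForm in a log of resource requests recorded on checkout pages. The hosts, record format and thresholds are assumptions constructed for illustration.

```javascript
// Added example, not code from the article: flag image requests that look like
// the beacon sendForm is described as creating. Hosts, the record format and
// the thresholds are constructed assumptions.
const ALLOWED_IMG_HOSTS = new Set(["shop.example", "cdn.shop.example"]);
const MAX_BENIGN_QUERY = 64; // assumed: ordinary image URLs rarely need more
const BLOB = /^[A-Za-z0-9+/_=-]{40,}$/; // one long base64/hex-looking value

// Returns the reasons one request record is suspicious (empty array = clean).
function beaconReasons(req, allowedHosts = ALLOWED_IMG_HOSTS) {
  if (req.type !== "image") return [];
  let url;
  try {
    url = new URL(req.url);
  } catch {
    return ["unparseable image URL"];
  }
  // Images served from the shop's own hosts are treated as trusted here.
  if (allowedHosts.has(url.hostname)) return [];
  const reasons = [];
  if (url.search.slice(1).length > MAX_BENIGN_QUERY) {
    reasons.push("long query string sent to off-allowlist image host");
  }
  if ([...url.searchParams.values()].some((v) => BLOB.test(v))) {
    reasons.push("query value looks like an encoded blob");
  }
  return reasons;
}

// Report checkout-page image requests that carry a payload indicator.
function flagImageBeacons(requests, allowedHosts = ALLOWED_IMG_HOSTS) {
  return requests
    .filter((r) => r.page.startsWith("/checkout"))
    .map((r) => ({ url: r.url, reasons: beaconReasons(r, allowedHosts) }))
    .filter((r) => r.reasons.length > 0);
}

// Constructed sample: requests recorded while shop pages were open.
const SAMPLE_REQUESTS = [
  { page: "/checkout", type: "image", url: "https://cdn.shop.example/img/logo.png?v=3" },
  { page: "/checkout", type: "script", url: "https://shop.example/js/cart.js" },
  { page: "/checkout", type: "image", url: "https://stats.invalid/p.gif?d=" + "QUJD".repeat(20) },
  { page: "/checkout", type: "image", url: "https://pixel.invalid/t.gif?id=42" },
  { page: "/home", type: "image", url: "https://stats.invalid/p.gif?d=" + "QUJD".repeat(20) },
];

console.log(flagImageBeacons(SAMPLE_REQUESTS));
```

The same allowlist can be enforced in the browser with a Content-Security-Policy img-src directive, which stops the image request before it leaves the page.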

What Infowars says about the Magecart credit card skimming attack

The corporate press claimed that the point of entry of the attack was a Magento plugin for the shopping cart. However, Infowarsstore.com claims never to have installed that plugin.

Infowars states that this zero day hack involved a hacker group that aimed to scare business away from Infowarsstore.com.

Infowars blames big tech, the Communist Chinese and the Democratic Party for this act to defame Infowars.

Moreover, the company states that most of the purchases during the time of the malware attack were re-orders, so the probability of customers' information being compromised is negligible.
