Magecart credit card skimming attack
Ever wondered what it takes to get scammed @ Infowars store? Nothing! Absolutely Nothing! Customers facing Scams is an everyday facade here!
A recently discovered attack at Infowars web site involves a new tactic. A malware embedded in the conspiracy site’s checkout process records customer’s credit card details and transmits them to threat actor’s remote servers.
In today’s golden age of online shopping, people usually prefer to receive products at their doorsteps by punching in credit card details in ecommerce websites. Threat actors leverage this lucrative opportunity to yank the chain of innocent consumers by unethical means.
Consumers remain unaware of the fact that the well-known & vetted websites that they blindly rely on can swindle them of their hard earned money.
What is Magecart?
Attacks on websites with the purpose of stealing user financial details are not new. Magecart credit card skimming attack has been recently discovered that is known to have stolen the credit card details of around 1600 customers within 24 hours.
Magecart refers to a toolkit of malicious software that monitors eCommerce payment pages to track payment information by making use of a few lines of Javascript code. These payment details are regularly monitored and sent to attacker’s remote servers where the collected information can be used to extort victims.
Magecart has been used in various forms to gobble up credit card information across the e- commerce industry. High profile hacks on renowned companies like Newegg & British Airways utilized this technique exploiting thousands of consumers.
Modus Operandi on Magecart credit card skimming Attack
Magecart script was embedded on every page of Infowars’ online store but it reportedly functioned when a user decided to check out. The piece of code once installed attempted to masquerade as part of a Google Analytic Script. The malicious script comprised of the following methods that launched the attack in various stages:
- setInterval method: The logic in this function involved examining every 1.5 seconds if the browser developer tools were open. If the dev tools were open, the script was put to sleep to evade detection. Otherwise, a collectForm function was called to harvest payment information.
- collectForm method: This method was coded to collect payment details entered in the form by the visitor. The collected information is then sent to the sendForm function.
- sendForm function: The sendform function was coded to dynamically create an image to inject in the page. The source of the image was a url for attacker’s server. When the image was injected in the page, the browser tried to load the image and pass the forms content to the attacker’ server.
Infowars say on Magecart credit card skimming attack
The corporate press claimed that the point of entry of the deceit was a Magento plugin to the shopping cart. However, Infowarsstore.com alleges to have never installed that plugin.
Infowars states that this zero day hack involved a hacker group that aimed to scare business away from Infowarstore.com.
Infowars blames the big techs, Communist Chinese and Democratic Party for this act to defame Infowars.
Moreover, the company states that most of the purchases during the time of the malware attack were re-orders, so the probability of customer’s information being compromised is negligible.
Hits: 135
Home
